Cornerstone Client Portal Privacy Policy

Last updated: 20 October 2020

Cornerstone OnDemand, Inc. and its global affiliates (collectively, “Cornerstone”) help Organisations recruit, train, and manage their people.The entity granting you access to Cornerstone’s software (“Organisation”) is a Cornerstone customer that collects and processes your personal data. This privacy policy (“Privacy Policy”) governs Cornerstone’s processing of personal data you and/or the Organisation has inputted into Cornerstone’s software application (“Software”) for the purpose of recruiting, training and/or managing you.

Collection of Information
Cornerstone does not directly collect your personal data. Cornerstone processes data you and/or the Organisation inputs into the Software for the purpose of recruiting, training and/or managing you. Such data may include, but is not necessarily limited to, candidate data, employee data, contractor data, student data, training data and performance data.

Usage of Data
Cornerstone will process the data only in accordance with the agreement between Cornerstone and the Organisation, including, but not necessarily limited to, providing technical or functional support, and ensuring the security of the Software.Please contact the Organisation with any questions about its use of your personal data.

Contact and Queries
The Organisation is a data controller. A “data controller” determines the purposes for which and the means by which personal data is processed. Cornerstone is a data processor of your personal data. A “data processor” processes personal data only on behalf of the controller. All queries regarding your personal data should be directed to the Organisation.

Website Usage Information
1. Cookies
For information on the cookies we use, and their functionality please refer to our cookie policy.

2. IP address and Clickstream data
Our servers automatically collect data about your internet protocol (“IP”) address when you visit a Cornerstone webpage (“Website”). Our servers may log your IP address and sometimes your domain name when you request pages from a Website. Our servers may also record the referring page that linked you to us (e.g. another website or a search engine); the pages you visit on a Website; the website you visit after the Website; other information about the type of web browser, computer, platform, related software and settings you are using; any search terms you have entered on the Website or a referral website; and other data logged by our web servers. We use this information for internal system administration, to help diagnose problems with our servers, and to administer our Websites. Such information may also be used to gather broad demographic information, such as country of origin and Internet service provider. Personal data including IP addresses are not used to facilitate contact with users who have not provided their contact details to Cornerstone. Personal data is not shared with nor sold to any third-party

Use, Disclosure, and Sharing of Personal Data
1. Service providers
We may use third-party partners to operate and maintain our Software and deliver our products and services in accordance with the agreement we have with the Organisation. Third-party service providers are contractually restricted from using or disclosing your personal data except as necessary to perform services on our behalf or to comply with legal requirements. Depending on contractual requirements and applicable law, data can be processed in the United States, United Kingdom, New Zealand, India, Israel, European Union, or any other jurisdiction determined by the European Commission to have a suitable level of data protection.

2. Aggregated statistics
We may aggregate and anonymise non-personally identifiable data into statistics regarding user behaviour such as overall patterns or demographic reports that do not describe or identify any individual user.

3. Legally compelled disclosures
We may disclose your personal data if required to do so by law or subpoena or if we believe that such action is necessary to: (a) conform to law applicable to Cornerstone or our partners; (b) comply with a judicial or court order, or comply with legal processes served on us or Affiliated Parties; or (c) protect and defend our rights and property, Websites, and/or the users of the Websites.

4. Worldwide transfer and processing of Personal Data (applies unless otherwise agreed in writing between you or the Organization and Cornerstone)
Cornerstone may use your data for the purposes described herein and per the agreement between Cornerstone and the Organization. Your data may be processed and transferred in and to the United States and other countries and territories listed herein, which may have different privacy laws from your country of residence, and which may afford varying levels of protection for your personal data. Regardless of the laws in place in these countries, we will treat the privacy of your information in accordance with this Privacy Policy and the agreement between Cornerstone and the Organization.

Your access and correction rights
You retain the right to submit and correct your personal data by contacting the Organisation.

Cornerstone OnDemand, Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Third-party websites
When you are on this Website you may have the opportunity to visit or link to other websites, including other websites operated by us or by unaffiliated third parties. These websites may collect personal data about you, and because this Privacy Policy does not address the information practices of those other websites, you should review the privacy policies of such other websites to see how they treat your personal data.

Privacy of minors
This Website is not directed at children under the age of thirteen. We do not knowingly collect personal data from children under the age of thirteen on our Websites. If we become aware that we have inadvertently received personal data from a visitor under the age of thirteen on a Website, we will delete the information from our records.

Security
The security and privacy of personal data is of utmost importance to Cornerstone. We use commercially reasonable and industry-standard physical, managerial and technical safeguards to preserve the integrity and security of your personal data. More information can be found here: https://www.cornerstoneondemand.com/company/security.

GDPR Information Notice and Related Provisions
The General Data Protection Regulation 2016/679 (“GDPR”) is a regulation on data protection and privacy in the European Union and the European Economic Area (“E.E.A.”). It also addresses the transfer of personal data outside the E.U. and E.E.A.GDPR requires data processors to provide the following information.

1) Controller Identity and Contact Details
Cornerstone acts only as a processor. The Organisation is the controller of your personal data and should provide you appropriate contact details.

2) Data Protection Officer
Cornerstone has appointed a Data Protection Officer. However, Cornerstone acts only as a processor. The Organisation is the data controller and should provide you appropriate contact details.

3) Purposes and Legal Basis for the Processing
Cornerstone will process the data only in accordance with the agreement between Cornerstone and the Organisation, including, but not necessarily limited to, providing technical or functional support, and ensuring the security of the Software.Please contact the Organisation with any questions about its use of your personal data.

4) Information Sharing
We may use third-party providers to help us to deliver our products and services. Third-party service providers are contractually restricted from using or disclosing the information, except as necessary to perform services on our behalf or to comply with legal requirements.

5) International Transfers
Depending on contractual requirements and applicable law, data can be processed in the United States, United Kingdom, New Zealand, India, Israel, European Union, or any other jurisdiction determined by the European Commission to have a suitable level of data protection.All locations either benefit from an Adequacy Decision or from alternative suitable safeguards.

6) Data Retention
Cornerstone will retain your data only as agreed between Cornerstone and the Organisation and in accordance with applicable laws to which Cornerstone is subject.

7) Data Subject Rights
Cornerstone acts only as a data processor. The Organisation is the controller and should provide you appropriate contact details.

8) Automated Decision-making
Cornerstone acts only as a processor and does not make decisions affecting you. The Organisation is the controller and should provide you appropriate information regarding its decision-making process.

U.S. Specific Provisions
Where Cornerstone is subject to U.S. privacy requirements the following applies:

1) Job Applicants and Employees
Cornerstone collects or is provided personal data such as name, address, email address and social security numbers from job applicants, employees and contractors for, among other things, legitimate human resource business reasons such as payroll administration, filling employment positions, maintaining accurate benefits records, meeting governmental reporting requirements, security, health and safety management, performance management, company network access, and authentication. Cornerstone does not engage in automated decision-making.

2) Customers
Personal data provided to Cornerstone by the Organisation and the processing of personal data is defined in the Collection of Information and Usage of Data sections of this policy.

3) Do Not Track.
Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honour “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser. Please note that if you do not accept cookies, you may not be able to use certain functions and features of our Webpages.

Updates to our privacy statement
This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our online information practices. We will indicate at the top of the statement when it was most recently updated.

Language
The governing language of this Privacy Policy is English, which shall prevail over any other language used in any translated document.