Gem Software Privacy Policy for Non-B2B Customers

This Privacy Policy explains how Gem Software, Inc. (“Gem Software”, “we”, “us” or “our”), as a data controller, collects and uses certain personally identifiable information received from our customers and other third parties.

Gem Software helps talent acquisition teams (“B2B Customers”) with discovery and outreach, all aspects of candidate management, and provides the data and insights needed to operate more strategically (the “Service”). As part of the Service, Gem Software provides B2B Customers with business-level contact information, including names, professional titles and emails (“Business Data”) to help our B2B Customers engage with talent and other businesses. We maintain a core database of Business Data that is sourced via agreements with third parties by publicly available sources (e.g., SEC website, company websites) or via information uploaded by our B2B Customers.

For the purposes of any applicable data protection law ("Data Protection Law"), Gem Software is a data controller for Business Data relating to you. This Privacy Policy outlines your data subject rights, including the right to object to certain types of processing we carry out, for more information see the “What are your rights?” section below. This policy does not apply to other Personal Information that Gem processes on behalf of B2B Customers as their processor/ service provider. For more details on how Gem processes this Personal Information, please see our main Privacy Policy.

What Business Data do we collect and where do we get it from?

We may receive your Business Data from our B2B Customers and other third parties, as described below:

  • Information our customers provide about you: when using our Service, our B2B Customers may provide the following information about you:
    ◦ Name;
    ◦ Gender;
    ◦ Location;
    ◦ Career information, including your company name and job title;  
    ◦ Contact details, including phone number and email;  
    ◦ Application history
    ◦ Education history; and  
    ◦ The content of email communications.
  • Information we receive from third party data vendors: to help us provide our Service, we receive the following information from our third party data vendors:
    ◦ Name;
    ◦ Gender;
    ◦ Location;
    ◦ Career information, including your company name and job title;
    ◦ Contact details, including phone number and email; and  
    ◦ Education history.
  • Information we receive from publicly available sources: to help us provide our Service, we receive the following information from publicly available sources such as Indeed, GitHub, Facebook, Twitter and SeekOut:
    ◦ Name;
    ◦ Location;
    ◦ Gender;
    ◦ Company;
    ◦ Email address;  
    ◦ Phone number; and
    ◦ Education history.

Sensitive Information: We do not knowingly process information revealing political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life. We may process gender or racial data as part of our or our customer's diversity, equity, and inclusion initiatives.

How do we share your information?

We share your Business Data in the following ways:

  • With our B2B Customers – as part of our Service, we share your Business Data  with our B2B customers who may wish to consider you as a candidate for a position they’re filling. For example, we may share your contact details so that our B2B Customers may contact you.  
  • With our third-party service providers – we share your Business Data with our third party service providers in order to provide the Service. For example, we share your information with our service providers in order to verify the accuracy of your Business Data, to rectify your Business Data and correct any omissions in your Business Data.

If you are habitually resident in the European Economic Area (“EEA”), Switzerland or the United Kingdom, we will transfer or transmit your information to the United States and other countries outside of where you live for storage, processing and the other purposes described in this Privacy Policy. For example, we currently use data center facilities located exclusively in the United States.

Countries which are outside the EEA, Switzerland or United Kingdom may not offer the same level of data protection as in your home country, for example there is currently no adequacy decision in respect of the United States. Where the European Commission has recognized a country as providing an adequate level of data protection, Gem may rely on the Commission’s adequacy decision, as applicable, to transfer data.

When transferring data from the EEA, Switzerland or the UK, Gem Software relies upon the Standard Contractual Clauses. For a copy of the Standard Contractual Clauses, please contact legal@gem.com.

What is our legal basis for processing your information?

We rely on our legitimate interests in providing and improving our Service in order to process your Business Data. The uses described in this notice have a minor impact on the privacy of individuals because the Business Data is related to a person's role on behalf of a business, and is typically both widely disclosed and readily available to the public.

How long do we store your information?

We retain your information only for as long as it is necessary for our business purposes or until you exercise your right to erasure/deletion of your information.

What are your rights?

While some of these rights apply generally, certain rights apply only in limited cases based on your location. You have the following rights in respect of your Business Data that we hold:

  • Right of access - You can request more information about the Business Data we hold about you and request a copy of such Business Data, which includes the categories of Business Data, the categories of sources from which the Business Data was collected, what the business or commercial purpose is for the collecting or selling of the Business Data, and the categories of third parties that we share your Business Data with.
  • Right to rectification - If you believe that any Business Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
  • Right to erasure - In certain circumstances, you have the right to obtain the erasure of your Business Data without undue delay.
  • Right to restriction - The right to obtain the restriction of the processing undertaken by us on your Business Data in certain circumstances, such as where the accuracy of the data is contested by you, for a period enabling us to verify the accuracy of that data.
  • Right to object - You have a right to object to processing of your Business Data based on legitimate interests or in the public interest, and for direct marketing.
  • Right to withdraw consent - Where we rely on consent to process your Business Data, you have the right to withdraw consent at any time without affecting the lawfulness of any processing based on the consent before its withdrawal.
  • Right to file a complaint - You have the right to lodge a complaint about our practices with respect to your Business Data with the supervisory authority of your country or state.

How should you contact Gem?

If you have any questions about our privacy policy or wish to exercise your rights as an individual, please do so by emailing us at support@gem.com.

Our main office address is 1 Post Street, 18th Floor, San Francisco, CA 94104, USA.

Last Modified: July 15, 2022