We at CommendU.com take privacy very seriously. We only collect data and information about you to assist us with providing the service you have requested from us. We will not share this information with any third party (other than by providing the service you have requested), unless we are legally obliged to. We will collect and store your information securely, doing what we can to ensure that your information is not accessible by any third party.
CommendU.com is a Data Controller and you are welcome to contact us to discuss personal data privacy by emailing firstname.lastname@example.org.
Please see our cookies section for more information on how cookies are used.
We provide a service that allows Employers to offer a finder’s fee to Referrers who refer one of their contacts (an Employee). The data we collect and process varies depending on whether your account is registered as a Referrer, Employer or you use the website as an Employee.
We have minimised the information we store about you so it is only required for the service we are providing. We do not process any special category data. We are collecting data using the lawful basis of ‘contract’ as the data is required in order to provide you the service requested. We obtain permission to send you marketing emails purely on the lawful basis of ‘consent’ which you can withdraw at any time.
Updates to this policy
We keep this Privacy Notice under regular review and we will place any updates at the top of this web page. This Notice was last updated in July 2018.
You will be made aware of any significant changes either by email or when logging onto the site.
Data We Collect
We collect the following information about you through our web service:
|Nature of Data||Employer||Referrer||Employee||No Account|
|Address, incl country||✔||✔|
|PayPal email address||✔|
|On platform communications #||✔||✔|
|Feedback information #||✔||✔||✔||✔|
|How you use our website||✔||✔||✔||✔|
None of this data will be shared with any other users of the web service unless it is marked with # in the table above. Third parties will only have access to this information if their service is needed to assist us in providing our web service. Where possible, this data will be anonymised before being shared.
We do not store bank details; this service is provided by external service providers that will have separate Privacy Policies. However, for Referrers, we do store the email address associated with your PayPal account so that we are able to pay you any Finder’s Fees or Employer Referral Fees applicable.
We record anonymously the referring url of any click links to adverts on CommendU.com.
In addition to the above personal information we gather the following information for positions (Employers only):
- Position Title
- Position Reference
- Position Department
- Location of Position
- Summary of Position
- Public URL to third party website where position is advertised
- Logo to display with the Position
- The Finder’s Fee being offered
- Specific questions that any Referrer should answer
- Dates when the position changes state within CommendU.
- How many times referrals for a position is viewed
We obtain feedback from Employers on the Referrals received. This is information such as a star rating and reason for the rating.
When a position is closed by an Employer we ask for feedback on our service which includes information such as a rating, the reason for closing the position.
We provide all users including users that are not logged-in the ability to provide us feedback on the platform. Personal data is not explicitly requested however the user may enter personal information into the comment box. This is processed by email and recorded and used to improve our service.
We provide all users the option to report advertised positions that they consider to be abusive. The data is received by email and we will record the following data in order to process the abuse claim:
- Email address
- Description of the abuse.
Referrers can dispute a referral that was not successful if they believe that the employer has hired off their referral. This information is shared with the Employer so that they can respond. In this instance the following data is captured:
- Reason for disputing
- Evidence (including image or PDF)
- What permission they obtained to refer the employee
- Relationship to employee
In referring someone to an Employer, a Referrer will be entering data relating to their contact (an Employee). The Employee data will include:
- Email Address
- LinkedIn url
- Answers to the questions posed by the Employer entered by the Referrer
- A general referral reference
- Date when consented
- Any requested changes the Referrer should make before referral is submitted to Employer
To protect the privacy of the Employee, this data will then be emailed to the Employee to seek their approval for it to be used (via the email address provided). The Employee must approve of the use of this data for it to be used as part of our service. If the Employee rejects the use of the data, all of the data will be deleted or blanked.
An Employee can withdraw permission for us to use their data via the ‘How It Works – Employee‘ page. After unsubscribing, no emails will be sent to the Employee, and as such, no referrals can be approved and posted to an Employer. The Employee can also chose to ‘black-list’ themselves so that they are not referred ever again. This requires us to store the Employee email address even if they have requested all their data be removed/anonymised on the platform.
Some Positions can be applied directly to the Employer via the CommendU.com platform. In this instance, the information is not stored on the platform but is emailed to the Employer responsible for the position.
Sharing Information Between Users
When a referral is submitted to an Employer, the Employer will see the name of the Referrer (as provided to CommendU.com), and vice versa. We do not provide contact details for either the Referrer or the Employer, but we do enable communication to take place (anonymously, other than your name) through CommendU.com. It is your decision on whether to use your real name or not.
Referral (Third Party) Data
Where we collect information about a third party, typically as part of the data collected when you, as a Referrer, submit a referral, we store the information you provide. We will not share the name or contact information (including their email address or LinkedIn profile url, if provided) of the third party with the Employer; this information is only collected to assist us in the case of a appeal. We also won’t use this information for marketing purposes, such as email marketing. We expect and encourage you to ensure this is either information in the public domain (such as a LinkedIn profile url) or information that the referral has consented for you to share with us. An Employer can only see the this information about the third party if you have submitted it to that Employer; we will not share it with other Employers.
We will contact you if either:
- We need to advise or update you on a specific job or referral that you have submitted. You cannot opt out of this as it is integral to the service we are providing.
- You have consented for us to contact you for marketing purposes when you signed up. This can be amended by reviewing your account information or for Employees, via the ‘How It Work – Employee‘ page
We operate under the General Data Protection Regulation (‘GDPR’), effective from 25 May 2018 (which replaces the Data Protection Act 1998 from that date). In the UK, the requirements of GDPR have been incorporated into the Data Protection Act 2018. The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and where necessary kept up to date;
- kept for no longer than is necessary for the purposes for which the personal data are processed.
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
Please contact us using email@example.com.
Please note we provide the ability for a referrer and employer to delete their accounts and required personal data will be anonymised. Employees can also change their permissions via the ‘How It Works – Employee‘ tab. An Employee can add/remove themselves from the marketing email list, remove consent for their data to be processed in all active referrals and ask us to prevent them from ever being referred again.
The right to access personal data we hold on you
At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request and verified who you are we will respond within one month.
There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
The right to correct and update the personal data we hold on you
If the data we hold on you is out of date, incomplete or incorrect, an Employer or Referrer can amend this through their account settings page. If you do not hold an Employer or Referrer account, please email firstname.lastname@example.org.
The right to object to processing of your personal data or to restrict it to certain purposes only
You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
The right to request portability of data
You can request that personal data you have provided which is based on consent or for the performance of a contract and that that has been carried out by automated means be provided to you in a structured and machine-readable format.
The right to object
You can object to your personal data being used where the legal basis is legitimate interest or public interest or is being used for direct marketing. All platform users can remove consent to receive marketing emails either from the account settings or the ‘How It Works – Employee‘ page.
The right to not be subject to decision based solely on automated processing
CommendU.com does not use automated decision making.
The right to lodge a complaint with the Information Commissioner’s Office.
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Alternatively, please contact the relevant supervisory body for the country you are resident.
Transfer of Data Abroad
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union.
How long do we keep your personal data?
We will keep all position records and associated referrals, on-platform communications, appeals, Employee consent response, and when referral viewed for 8 years maximum. This is to align with current best practice to keep records for a minimum period of 7 years to support HMRC audits or provide tax information.
When Employee selects to remove consent for their data to be used on the platform we will delete immediately records on the consent given, remove from marketing list (if signed-up) and anonymise Employee personal data in the referrals.
When an Employer or Referrer deletes their account we will anonymise all data to meet our requirement to store position data for 8 years maximum. In addition for the Referrer, all feedback received from Employers will be deleted.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Third party websites
This platform is not intended to be used by anyone under the age of 18.
The Platform is hosted within the UK by TSO Hosting who are part of the Paragon Internet Group with company number 7573953.
What are cookies?
Cookies are small text file stored on your computer or mobile device when visiting our website.
Are all cookies the same?
Cookies can be classified as follows:
Session cookies: These cookies are automatically erased when you close your browser.
Persistent cookies: These cookies remain on your device until they expire (in terms of minutes, days or years since the cookie creation/update).
Third-Party cookies: These cookies are stored on behalf of third parties.
How to manage cookies using our website
To give you the best experience on the cookie management side, we classify cookies on this website into two categories, essential and non-essential.
In addition to managing cookies via your browser, you can enable and disable directly from this website (with the only exception of essential cookies which are strictly necessary). In the case of Third-Party cookies, this website will not use them after being disabled (we cannot delete them as the cookie ID can be randomly generated by the Third-Party).
Essential: These cookies are essential for the website features to work properly. E.g.: authentication cookies, shopping cart, session cookies.
Non-essential: These cookies collect information about how you use this website.
|Cookie||Type||Duration||Description||Cookie ID||Cookie Sensitivity|
|Google Analytics||persistent||_ga 2 years, _gid 1 day||Google Analytics for anonymised traffic analysis||_ga, _gid||non-necessary|
|Session Cookies||session||0||PHP Session Cookie and Wordpress test Cookie (to confirm Cookies are accepted).||PHPSESSID, wordpress_test_cookie||necessary|
|Woocommerce Persistent Cookie||persistent||2 days||These are essential cookies for the operation of Woocommerce.||wp_woocommerce_session_x||necessary|
|Woocommerce Session Cookies||session||0||Necessary for the Woocommerce shopping cart.||woocommerce_cart_has, woocommerce_items_in_cart||necessary|
|WordPress Cookies||persistent||2 weeks||These are essential cookies for the operation of Wordpress.||wordpress_logged_in_x, wordpress_sec, wordpress_settings_x||necessary|