Skip to content

Privacy policy

 

Effective Date: December 2023

While we encourage you to read our entire Terms of Use and Privacy Policy, here are a few highlights for quick reference:

  1. Data privacy and data security are fundamental to a successful user experience on the Eskalera platform. Your employer cannot discover or track anything you do or share on our Services. We will only provide data that can be linked to you to your employer with your permission or pursuant to a warrant signed by a judge.
  2. You are in an independent relationship with Eskalera, although Eskalera’s contract with your employer governs your use of those aspects of our services.
  3. You are responsible for populating your Eskalera account and your profile with accurate information so we can make your time with us productive and helpful.
  4. Eskalera is not a reporting tool for complaints about the workplace or allegations of misconduct. Any such information should be reported through appropriate channels with your employer or, if applicable, to law enforcement.
  5. We use artificial intelligence and machine learning to make our software cooler, smarter, and stronger – but all of it subject to the privacy and trust constraints described above.

You can send any questions to support@eskalera.com.

1.Welcome to Eskalera!

Eskalera enables large and medium-sized companies to transform their HR operations by improving employee engagement, productivity, and growth. We provide prescriptive insights for employers to engage and grow their workforces by integrating employees’ quantitative data with real-time sentiment.

Data privacy and data security are fundamental to a successful user experience on the Eskalera Platform. We consider the personal information that you input into the Platform and Services to be your data, and Eskalera’s Platform is designed to securely store and protect your data.

Specifically, Eskalera’s “Core Tenants” are:

  • Your interactions and responses while engaging with Eskalera are accessible only by you and are not available to or viewable by your employer.
  • To ensure privacy, we only provide fully deidentified data to your employer, meaning that your employer cannot discover or track anything you do or share on our Services.
  • We will onlyprovide data that can be linked to you to your employer with your permission or pursuant to a warrant signed by a judge.

This Privacy Policy applies to your use of Eskalera’s Platform and Services, including any associated Eskalera mobile or desktop applications, eskalera.com and other Eskalera websites (the “Websites”), as well as your relationship with Eskalera, Inc. (“Eskalera”, “we”, “us” or “our”). This Privacy Policy is part of Eskalera’s User Terms of Use

By accessing or using the Services, you are agreeing to our Privacy Policy.

You should read our full Privacy Policy to understand what data we collect, how we use it, and the circumstances where we may share it.

This Privacy Policy may change over time. If we make changes to it, we will post the modified Privacy Policy on our Website, www.eskalera.com/privacy-policy/. We encourage you to visit this page periodically to learn of any updates.

2.Our Relationship with Employers.

Our customers are employers (“Employers”). Each Employer separately either agreed to our Customer Terms of Use or entered into a written agreement with us (in either case, the “Contract”), which governs their use of the Services. The Employer that entered into the Contract controls their instance of the Services, including the processing of any data submitted through their instance of the Services (collectively, “Employer Data”). This means that if you are granted access to the Services by an Employer or if you use an Employer’s instance of the Services, then the Contract will also govern how we may collect, use, process, and store your data while you use that instance of the Services. If you have any questions about specific Employer privacy practices, please contact the Employer whose instance of the Services you use—i.e. if you have questions, please contact your employer.

3.What Information We Collect

We collect personal information (or personal data) and non-personal information from you when you use our Services. As further described in this section, we may receive personal information about you that you submit through the Services or that is provided to us by your employer or another third party; we also may receive personal information about you automatically as you use the Services.

Information you Provide Us: We receive personal information about you that you choose to provide to us, including when you create an account; update your profile; respond to questions, surveys or curricula on the Services; provide us third-party account credentials; or otherwise use our Services. For example, you might provide your name, interests, skills, work history, or education. You may also be able to upload documents that include personal information (such as a resume or transcript).

Information from Employers or their HRIS: Our customers are employers, and they may share information about their employees, including you, with us so that we can provide them with services that they use to engage and grow their workforce. Each Employer chooses what information it shares, which may, for example, include your name, mailing and email address, educational information, professional information, or compensation information. If the Employer uses a third-party human resource information system (for example, Workday or BambooHR, each an “HRIS”) to import information into Services, we will also receive information from that third party (for example, your name, email address, employment, and demographic data).

Usage and Log Information: When you interact with our Services, we may collect information from your device or web browser when you interact with the Services. For example, when you interact with the Services, we may log and store your IP address and technical information about your usage like your device ID, browser type, how you progressed through the Services, where you abandoned it, etc. We can use your IP address to determine your general location.

Mobile Information: If you use an Eskalera mobile application, we may collect analytic information about your device, such as IP address, device ID, OS version, and clickstream.

Information from Public Sources or Third Parties: We may receive additional information about you from public or third party sources. For example, we may receive marketing, sales generation, and recruitment information from service providers or partners.

Cookies and Local Storage: We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies and local storage, to gather information about the use of our Services and how people interact with our emails. Cookies and local storage are small files containing a string of characters that is sent and stored and may be accessed on your device when you visit a website. When you use our Services, we, or an authorized third party, may place a cookie or local storage on your device that collects information, including personal information, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience. We use both session-based and persistent cookies on our Websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off.  You can control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our Websites and Services.

We also use web beacons and pixels on our Websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our Websites, Services and marketing emails.

Our Services use the following types of cookies for the purposes set out below:

Type of Cookies

Purpose

Essential cookies

These cookies are essential to provide you with services available through our Services and to enable you to use its features. For example, they allow you to log in to secure areas of our Website and help the content of the pages you request load quickly as you access the Services. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Functionality cookies

These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details, remembering which polls you have voted in and in some cases, to show you poll results, and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

Analytics cookies

These cookies enhance functions, performance, and services on the Websites. These cookies may be used to improve how our Websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our Websites are used, including which pages are viewed most often.

We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-US

 

  1. How We Use Your Personal Information

We collect, use, process, and store your personal information:

  • To provide the Services, such as allowing you to take our Eskalera Experiences or to create your profile.
  • To personalize the Services. For example, we may use information you provide to us to suggest techniques you can implement to feel more empowered in the workplace.
  • To receive and process job applications for jobs with us.
  • To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.
  • With respect to Employer Data, in accordance with the Partner Agreement.
  • For internal business purposes, such as to improve our Services.
  • To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Eskalera and others.
  • To enable communications through the Services.
  • To contact you about additional Eskalera services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
  • As required by applicable law, legal process or regulation.
  • For purposes as disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.
  1. When We May Share Your Personal Information

We will only share your personal information with third parties under the following circumstances:

  • At your instruction or if you choose to share. For example, you can manage and individually share any of your personal information from your profile to take advantage of Eskalera’s product offerings.
  • With others with whom you choose to collaborate or connect via the Services. The Services may provide different ways for you to choose to collaborate or connect with others, in which case you may provide and share information with others.
  • With affiliated businesses, agents, or vendors that are contractually engaged to provide us with services, such as email management. These companies are obligated by contract to safeguard any personal information they receive from us.
  • With respect to Employer Data, in accordance with the Partner Agreement.
  • With any of our affiliated companies, including a parent company, subsidiaries, joint ventures, or other companies under common control with us (in which case we will require such entities to honor this Privacy Policy).
  • If we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request; to enforce or apply the User Terms of Use; to protect the security or integrity of the Services; and/or to protect the rights, property, or safety of Eskalera, its employees, customers, users, or others. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so.
  • In the event we go through a business transition (such as a merger, acquisition by another company, bankruptcy, or sale of all or a portion of our assets, including, without limitation, during the course of any due diligence process), your personal information will likely be among the assets transferred. By providing your personal information, you agree that we can transfer such information in those circumstances without your further consent. Should such a business transition occur, we will make reasonable efforts to request that the new owner or combined entity (as applicable) follow this Privacy Policy with respect to your personal information. If your personal information would be used contrary to this privacy policy, we will request that you receive prior notice.
  1. When We Use and Share Non-Personal Information

We use and share your non-personal, de-identified or aggregated data in a variety of ways, including to improve the Services.

7.How to Opt-Out of Email Communications

To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email or update your account preferences. For users in the European Economic Area (“EEA”): We only send marketing communications to users located in the EEA with your prior consent. Please see the section “GDPR: Information For EEA Users” below.

  1. Storage, Security and How to Remove Your Information

We use industry standard technical, administrative and physical controls to protect your data. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss or other breach will never occur

We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period. After expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

9.De-Activating Your Account

You can choose to deactivate your account so that you are no longer viewable on the Services. You can request deactivation through the Services or by sending a message to privacy@eskalera.com.

  1. Third Party Links

The Services may contain links to and from websites of Employers or other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies.

11.U.S. Privacy Rights

This section, which supplements the rest of this Privacy Policy, applies to residents of a U.S. state that has a comprehensive privacy law, including California, Connecticut, Colorado, Virginia and Utah. (collectively, “U.S. State Privacy Laws”). This section contains disclosures required by the California Consumer Privacy Act (“CCPA”) and other U.S. State Privacy Laws. This section applies only to “personal information” that is subject to the CCPA and other U.S. State Privacy Laws.

Eskalera does not sell personal information and has not sold any personal information to third parties in the preceding 12 months.

Personal Information We Collect and Disclose for a Business Purpose. Without limiting the description of the information we collect, we collect the categories of personal information about California consumers identified in the chart below. More information regarding the personal information we collect can be found above in the section titled “What Information We Collect.”

Categories of Personal Information

Examples

Collected in Prior 12 Months:

A. Personal and online identifiers.

A real name, alias, unique personal identifier, online identifier Internet Protocol address, email address, account name, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, telephone number, education, employment, or employment history. Some personal information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, sex (including gender, gender identity, or gender expression), veteran or military status, or genetic information.

Yes

D. Commercial or transactions information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

No

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Yes

G. Geolocation data.

Physical location.

Yes

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

No

I. Professional or employment-related information.

Current or past job history.

Yes

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No


Categories of Sources
. We collect personal information from, without limitation, consumers directly, our customers, our Services’ inferences, service providers, and public sources. More information regarding the sources from which we collect personal information can be found above in the section titled “What Information We Collect.”

Why We Collect, Use, and Share California Information. We use and disclose personal information for our commercial and business purposes, as further described in this Privacy Policy and in the section titled “How We Use Your Personal Information.” These commercial and business purposes include, without limitation:

Our commercial purposes, which include:To provide the Services, such as allowing you to take our Eskalera Experiences or to create your profile.

  • To personalize the Services. For example, we may use information you provide to us to suggest techniques you can implement to feel more empowered in the workplace.
  • To receive and process job applications for jobs with us.
  • To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.
  • With respect to Employer Data, in accordance with the Partner Agreement.
  • For internal business purposes, such as to improve our Services.
  • To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Eskalera and others.
  • To enable communications through the Services.
  • To contact you about additional Eskalera services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
  • As required by applicable law, legal process or regulation.

Our business purposes as identified in the CCPA, which include:

  • Auditing related to our interactions with you;
  • Legal compliance;
  • Detecting and protecting against security incidents, fraud, and illegal activity;
  • Debugging;
  • Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;
  • Internal research for technological improvement;
  • Internal operations;
  • Activities to maintain and improve our services; and
  • Other one-time uses.

Recipients of California Personal Information. We disclose, and have disclosed in the last 12 months, the categories of personal information identified as collected in the chart above for business purposes to the following categories of third parties: customers, service providers, data analytics providers, and operating systems and platforms. More information regarding the categories of third parties with whom personal information is disclosed can be found in the section above titled “When We May Share Your Personal Information.”

Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

  • The right to knowthe categories and specific pieces of personal information we collect, use, disclose, and sell about you, the categories of sources from which we collected your personal information, our purposes for collecting or selling your personal information, the categories of your personal information that we have either sold or disclosed for a business purpose, and the categories of third parties with which we have shared personal information;
  • The right to request that we deletethe personal information we have collected from you or maintain about you.
  • The right not to receive discriminatory treatmentfor the exercise of the privacy rights conferred by the CCPA.

To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:

  • Online in the form at the bottom of the page of https://eskalera.com/privacy-policy/.
  • By email at privacy@eskalera.com.

Verification Process and Required Information. We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will then typically attempt to match the identifying information provided by you to the personal information already maintained by us to verify the request. If you have a password protected account on the Services, we may verify your identity through the existing authentication practices for your account, in which case we will require you to re-authenticate yourself before we disclose or delete your personal information.

Authorized Agent. You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity, as described above, and providing written permission for the authorized agent to act on your behalf.

Minors’ Right to Opt In. Eskalera does not sell the personal information of minors under 16 years of age.

Non-Discrimination. Eskalera will not discriminate against a user because the user exercised any of the user’s rights described above or afforded to it under applicable data privacy law.

12.Nevada Privacy Rights

This section, which supplements the rest of this Privacy Policy, applies to residents of Nevada. Under Nevada law, Nevada residents may submit a request directing us not to make certain disclosures of personal information we maintain about them.

To exercise this right, please contact us:

  • Online in the form at the bottom of the page of https://eskalera.com/privacy-policy/.
  • By email at privacy@eskalera.com.
  1. GDPR: Information for EEA Users

This section only applies to our European Economic Area (“EEA”) users.

Individuals located in the EEA have certain rights in respect of your personal data, including:

  • The right of access to your personal data;
  • The right to correct or rectify any inaccurate personal data;
  • The right to restrict or oppose processing of personal data;
  • The right to erase your personal data; and
  • The right to personal data portability.

As an Eskalera user:

  • We rely on your consent as a lawful basis for processing personal data to provide you with marketing or promotional communications.
  • We process personal data in order to provide you with services as requested by you, or to perform our contract with you as described in this document, including:
  • To enable the Services to function as expected; and
  • To communicate with you in response to customer service inquiries and to deliver non-promotional, service-related emails.
  • Additionally, we process personal data based on our “legitimate interests” in providing you the Services including:
  • To protect against fraud;
  • Network and information security; and
  • To offer the Services.

In some cases, Eskalera may process personal data pursuant to a legal obligation or to protect your vital interests or those of another person.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  https://edpb.europa.eu/about-edpb/board/members_en.

  1. Onward Transfer/Data Privacy Frameworks Program:

Eskalera complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Eskalera has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Eskalera has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@Eskalera.com. If requested to remove data, we will respond within a reasonable timeframe. 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@Eskalera.com 

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

In the context of an onward transfer, Eskalera is responsible for the processing of personal data it receives under the Data Privacy Framework (DPF) and subsequently transfers to a third party acting as an agent on its behalf. Eskalera shall remain liable under the DPF Principles if its agent processes such personal data in a manner inconsistent with the DPF Principles unless the Eskalera proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Eskalera commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

In compliance with the EU-US and Swiss-US Data Privacy Framework Principles, Eskalera commits to resolve complaints about your privacy and our collecting or use of your personal information. European Union, UK, or Swiss individuals with inquiries or complaints regarding this privacy notice should first contact Eskalera directly at privacy@Eskalera.com. We will respond to your complaint within 30 days of receipt.

We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Data Privacy Framework Principles to DATA PRIVACY FRAMEWORK SERVICES, a non-profit alternative dispute resolution provider located in the United States and operated by the BBB National Programs. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  .

The Federal Trade Commission has investigation and enforcement authority over our compliance with the Data Privacy Framework Program. 

 

15.Exercising Rights, Contact Us and Accessing Your Information

Eskalera users may exercise their rights regarding their personal information as follows:

  • You may be able to access, delete, correct, port or restrict processing of your personal information through your account settings in the Eskalera platform or by contacting us at privacy@eskalera.com. Some jurisdictions (e.g., Colorado and Virginia) give you the right to appeal our decisions in connection with your rights.
  • You may withdraw your consent to receive cookies or tokens by adjusting your browser settings.
  • You may withdraw your consent to receive marketing or promotional communications at any time by clicking the “unsubscribe” link found within Eskalera email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.

If you have questions or concerns and need to contact Eskalera and/or better understand your rights in connection with a data transfer under the EU to U.S. (including the UK bridge) or the Swiss U.S. Data Privacy Framework Principles, please see section 14 of this privacy policy above.

VeraSafe has been appointed as Eskalera’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are unable to reach Eskalera at privacy@eskalera.com, VeraSafe can be contacted on matters related to the processing of personal data under GDPR. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
The Netherlands

VeraSafe has been appointed as Eskalera’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of privacy@eskalera.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

If you have any questions about our privacy practices, or if you wish to make a request, contact us at either:

Eskalera, Inc.
Attn: Privacy
23 Geary Street, Suite 600
San Francisco, CA 94108
or
privacy@eskalera.com