Privacy Policy

This Policy describes how personal information is collected, for what purposes it is collected, how we share it, how we handle the content you place in our products and services, and the steps we take to secure this information.

Contents

  1. Data retention
  2. Data security
  3. International data transfer
  4. No automated decision-making
  5. Complaints
  6. Changes to the Privacy Policy
  7. Contacting us

1. Data retention

We retain your personal information for the length of time required for the specific purpose or purposes for which it was collected, plus an additional three (3) months, which allows you to resume use of our services without loss of data. For example, for employment related opportunities, we store your Personal Information for twelve months from the date it was submitted to us.

We may be obliged to store some data for a longer time, for example, where a longer time period is required by applicable law. In this case, we will ensure that your personal information will continue to be treated in accordance with this Privacy Policy.

2. Data security

Codiak is hosted in Amazon Web Services (AWS) data centers. AWS has numerous security certifications and Codiak implements many further security controls to safeguard data.

Encryption: Where data is transferred over the Internet as part of a Website or Cloud Services, the data transmitted using industry standard HTTPS using TLS.

Where Downloadable Products are used, responsibility for securing access to the data you store in the Downloadable Products rests with you and not Codiak. We strongly recommend that administrators of Downloadable Products enable encryption in transit (e.g., HTTPS using TLS) to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.

Unfortunately, no data transmission or storage system is guaranteed to be secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by emailing us in accordance with the “Contacting Us” section. Please note that third parties are not responsible for the privacy, security, or integrity of any information collected by us.

3. International data transfers

Our products and services may be provided using resources and servers located in various countries around the world, including the U.S. and other countries. For example, our website is hosted on servers in the U.S.

Your information may be transferred and processed by third-parties outside the country where you use our services, including to countries outside the European Economic Area (EEA), where the level of data protection may not be deemed adequate by the European Commission (i.e., where you have fewer rights in relation to your information).

Data Controller. If you are a visitor located in the EEA, [Codiak Iceland] is the data controller of your personal information provided to us through interactions with the Codiak Services. To find out our contact details, please see the “Contacting Us” section below. 

We expect that our third-party service providers will comply with the terms of the European Union’s General Data Protection Regulation (GDPR), and that any international data transfers be made under a recognized basis such as the US-EU Privacy Shield, EU Standard Contractual Clauses, and/or Binding Corporate Rules.

If you wish to know more about international transfers for your personal data, you may contact us as specified below.

4. No automated decision-making

At this time, we do not use any automated decision making processes. However, we reserve the right to make automated decisions, including using machine learning algorithms or other artificial intelligence, about our customers and website visitors in order to optimize the products and services offered and/or delivered.

5. Complaints

If you have any complaints about this Privacy Policy or are unsatisfied with any response we provided, you may complain to the supervisory authority in Iceland:

The Icelandic Data Protection Authority

Rauðarárstígur 10
105 Reykjavík Iceland

Tel. +354-510-9600
e-mail: [email protected]

www.personuvernd.is

Additionally, contact details for data protection authorities in the EEA, Switzerland and certain non-European countries are available here.

6. Changes to the Privacy Policy

When we update this Privacy Policy, we will revise the update date at the top of this page. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy. Your use of the services following these changes means that you accept the revised Privacy Policy.

7. Contacting us

If you have questions or comments about our privacy practices, please contact us by e-mail at [email protected]