Privacy and Security Policy

Date Last Revised: August 29, 2019 

This Privacy & Security Policy explains how we protect personal data provided through our website craft.co (the "Site") and how we use that personal data in connection with our service offered through the Site (the “Service”). The Service consists of, among other things, a database of information concerning companies (the “Database”), which includes certain personal data about those companies’ leadership, management, and personnel. “Personal data” for purposes of this Policy means information that identifies or is identifiable to a living natural person. This Policy covers both our collection and processing of personal data regarding users of the Craft Site and Service. For our policy concerning our collection and processing of personal data in the Craft Database, see the Craft Database Information Policy 


1. We care about the privacy of Craft users.


Simply put, we do not and will not sell or rent your personal information to anyone, for any reason, at any time. Craft uses and discloses your personal information only as follows:

  • to fulfill your requests for certain products and services;
  • to analyze site usage and improve the Service;
  • to deliver to you any notices and communications relevant to your use of the Service;
  • for research, planning, troubleshooting problems;
  • to third-party contractors that provide services (e.g. email notifications) to Craft and are bound by these same privacy restrictions;
  • to enforce Craft’s Terms of Service; and
  • as otherwise set forth in this Privacy and Security Policy.


Craft may make anonymous or aggregate personal information available, and disclose such data only in a non-personally identifiable manner, to:


  • Users of the Service for purposes of comparison to the broader community;
  • Organizations approved by Craft that conduct research into career management and development; and
  • Advertisers and other third parties for their marketing and promotional purposes.


Such information does not identify you individually. Access to any personal information you provide is strictly restricted and used in accordance with specific internal procedures and safeguard governing access, in order to operate, develop or improve the Service.


We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Service or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@craft.co.


2. Online session information and use is only used to improve your experience.


When you visit Craft.co, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Site’s design and functionality.


“Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. Craft may set and access cookies on your computer to track and store information about your preferences. Craft may gather information about you through cookie technology. For example, Craft may assign a cookie to you, to limit the amount of times you see a particular notification. Please note that most Internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer. If you choose to eliminate cookies, the full functionality of the Site or Service may be impaired for you.


3. Third Parties.


We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us analyze visitor activity on the Site. We may permit these service providers to use cookies and other technologies to perform these services for Craft. We do not share any personal data about our customers with these third party service providers, and these service providers do not collect such information on our behalf. These services include:

  • Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use the Service. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/. You may also download the Google Analytics opt-out browser add on, available here.
  • Lucky Orange, a usage analysis service we use to help improve usability and the customer experience. To view and manage data that Lucky Orange has collected about you on our behalf, or to opt out of future tracking please visit its data privacy management tool here: https://privacy.luckyorange.com.


Some parts of our Service may include social media features, such as the Facebook “like” button, and widgets, such as the “share this” button. These social media features are either hosted by a third party or hosted directly on our Service. When you use these tools, the party that provides the tool, the third party that operates the social media services, and/or we may receive information about you. By using these tools or by communicating with us through social media services, you acknowledge that some information, including personal information, from your social media services will be transmitted to us, and that information is therefore is covered by this Privacy and Security Policy, and some information, including personal information, may be shared with the third party services, and that information is therefore governed by their privacy policies.


When we interact with you on social media services, the information you share with us which can be seen by anyone other than you, us and the relevant social media service is not covered by this Privacy and Security Policy. Only information you share with us privately (i.e., through direct messages, private chat, etc.) is covered by this Privacy and Security Policy.


Finally, you can also register with our Service and create a Service account via certain third-party services such as LinkedIn (each, an “SNS Account”), if and when such functionality is available. If you choose to create a Service account through one of your SNS Accounts, you may have to provide us with your username (or user ID) so that your identity can be authenticated by the SNS Account. When the authentication is complete, we’ll be able to link your account with the SNS Account. That linking may allow us to access certain personal data, such as your name and email address, your user ID for the SNS Account, data tokens used to implement single sign-on and connect with your SNS Account profile, and other personal data that your privacy settings on the SNS Account permit us to access, in connection with creating your Service account. We don’t receive or store passwords for any of your SNS Accounts.


4. Disclosure of your information.


Craft may disclose your personal information: 

  •  to third-party contractors that provide services (e.g. email notifications or hosting services) to Craft and are bound by these same privacy restrictions;
  • to the third-party analytics providers identified in Section 3, although in this case we will disclose only information your browser automatically provides, not personally identifiable information like your name, email address, or similar contact information;
  • or to an acquirer as indicated in Section 5. 


Craft also reserves the right (and you authorize Craft) to share or disclose your personal information when Craft determines, in its sole discretion, that the disclosure of such information is necessary or appropriate:

  • To enforce our rights against you or in connection with a breach by you of this Privacy and Security Policy or the Craft.co Terms of Use;
  • To prevent prohibited or illegal activities; or
  • When required by any applicable law, rule regulation, subpoena or other lawful request of public authorities, including to meet national security or law enforcement requirements.


When we disclose personal information for these purposes, we can’t necessarily predict who the recipients may be, but could include law enforcement agencies, national security agencies, our lawyers, and courts.


5. Your data may be transferred upon change of control but only in accordance with this Policy.


Personal information may be transferred to a third party as a result of a sale, acquisition, merger, reorganization or other change of control. If we sell, merge or transfer any part of our business, part of the sale may include your personal information. If so, you will be asked if you'd like to stop receiving promotional information following any change of control.


6. You can delete your data.


When you request us to delete your account for the Service, your data will be permanently expunged from our primary production servers and further access to your account will not be possible. We will also promptly disconnect any connection we had established to your Account Information and delete all account credentials. However, portions of your data, consisting of aggregate data derived from your Account Information, may remain on our production servers indefinitely. Your data may also remain on a backup server or media. Craft keeps these backups to ensure our continued ability to provide the Service to you in the event of malfunction or damage to our primary production servers. We also reserve the right to use any aggregated or anonymous data derived from or incorporating your personal information.


7. We use reasonable efforts to secure your data.


We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect Craft.co accounts and systems from unauthorized access.


When you register for the Service, Craft requires a password or SNS Account user ID and data token from you for your privacy and security. Craft transmits information such as your Registration Information for Craft.co or Account Credentials securely.


We store your data in a secure facility. Access requires multiple levels of authentication, including biometrics recognition procedures. Security personnel monitor the system 7 days a week, 24 hours a day.


Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted.


8. Our service promotes secure communications with encryption.


From the time you submit your Login ID and Password or your SNS Account user ID and data token, these communications between your computer and Craft.co are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.


9. You are responsible for maintaining the confidentiality of your Login ID and Password.


We maintain strict rules to help prevent others from guessing your password. Your password must be at least 6 characters in length. You are responsible for maintaining the security of your Login ID and Password. You may not provide these credentials to any third party. If you believe that they have been stolen or been made known to others, you must contact us immediately at privacy@craft.co and you should change your password immediately via the Service. We are not responsible if someone else accesses your account through Registration Information they have obtained from you or through a violation by you of this Privacy and Security Policy or the Craft.co Terms of Use.


If you have a security related concern, please contact us at privacy@craft.co. We will work closely with you to ensure a rapid and personal response to your concerns.


10. Information for Persons Outside the U.S.


If you use our Site or Service outside of the United States, you understand that we may collect, process, and store your personal information in the United States and other countries. The laws in the U.S. regarding personal information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law.


11. Privacy Shield Frameworks.


Craft complies with the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Craft has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, any rights you may have to binding arbitration before a Privacy Shield Panel, and to view our certification page, please visit https://www.privacyshield.gov.


For information received under the Privacy Shield, Craft will require third parties to whom they disclose personal information to safeguard that personal information consistent with this Policy by contract, obligating those third parties to provide at least the same level of protection as is required by the Privacy Shield Principles. EU citizens may choose to opt-out of such disclosures. We remain responsible in accordance with the Privacy Shield Principles if third parties that we engage to process such personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.


In compliance with the EU-US Privacy Shield Principles, Craft commit to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Craft at privacy@craft.co.


Craft further have committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to binding arbitration through JAMS (Judicial Arbitration & Mediation Services), an independent alternative dispute resolution provider located in the United States and recognized for this purpose by the US Department of Commerce. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information, and to file a complaint.


The Federal Trade Commission has enforcement authority regarding Craft's compliance with the Privacy Shield Principles.


12. We post updates on our website whenever there is a change to our Privacy and Security Policy.


We update this Privacy & Security Policy periodically. The date last revised appears at the top of the Policy. Changes take effect immediately upon posting.


13. Contact us if you have any questions or concerns.


If you have questions, comments, concerns or feedback regarding this Privacy and Security Policy or any other privacy or security concern, please send us an e-mail at privacy@craft.co.