Privacy model

Introduction

This purpose of this document is to explain the data privacy guidelines that Paradime is subject to under various regulations, what that means from a customer perspective and what processes we need to follow.

The Regulations

To enforce that companies follow data privacy best practices, various countries and states in the world have developed various regulations. The main purpose of these regulations is to protect the right and interest of the individuals, whose data (that identifies the person uniquely i.e. PII or personally identifiable data) is being processed by a software vendor and in the performance of its activities further processed downstream by other vendors or sub-processors.

The primary regulations at play currently are:

GDPR (General Data Protection Regulation) - intended to protect the rights of EU and UK citizens
CCPA (California Consumer Privacy Act of 2018) - intened to protect the rights of the residents of California
SCC (Standard Contractual Clauses) - intended to protect the rights of EU and UK citizens when their data is exported / transferred from EU/UK to countries, which the EU does not deem to have the same level of safeguards for example USA. The Standard Contractual Clauses came into being as teh EU/US Privacy Shield was scrapped. The judgment in the Schrems II case issued by the European Court of Justice on Thursday 16 July 2020 found that Privacy Shield framework no longer provides adequate safeguards for the transfer of personal data to the United States from the EEA.

Each of the above regulations has their own definitions but most of the time they mean the same thing just worded differently. The following is our naive attempt to simply the jargon a bit.

In all the above regulations, there are always 3 parties / entities involved as follows:

a customer who is sharing their data by connecting to our systems
we, as software vendor, we are processing that data
we, also sometimes, are passing that data for onward processing to other sub-processors like other B2B SaaS vendors that we use to provide the Paradime platform experience

Thus, the following definitions would apply between us and our customer as follows under the different regulations:

Regulation	Customer	Paradime
GDPR	data controller	data processor
CCPA	business	service provider
SCC	data exporter	data importer

Regulation

Customer

Paradime

GDPR

data controller

data processor

CCPA

business

service provider

SCC

data exporter

data importer

How we process PII?

According to regulations, process means read / access / store / edit / delete / transfer. When a customer uses the Paradime platform, different categories of PII gets processed in different ways as follows:

Type of PII	Kind of processing	Reason
Customer's Employee / Contingent Worker PII	read, access, store, delete, transfer	These are Paradime users. We access this PII data from the Customer's identity provider like Okta, Google SAML, etc. when the user / Customer's employee or contingent worker signs up or logs in to Paradime. The user or us can't edit this information on the Paradime platform.
Customers own customer, prospect, job candidate, pre-prospect website visitor PII	read, access	Paradime is connected to the customers data warehouse and Paradime provides a SQL Workbench feature through which a Paradime user can query their own data warehouse. Depending on how their data warehouse is setup and what permissions the user has, the Customer's own customer data can get read and accessed within the SQL Workbench results tab. But we only hold this data temporarily in the user's web browser memory and not on our servers so upon page refresh the data is erased. This information is never transferred.
Customers own customer data	read, access	Paradime is connected to the customers data warehouse and Paradime provides a SQL Workbench feature through which a Paradime user can query their own data warehouse. Depending on how their data warehouse is setup and what permissions the user has, the Customer's own customer data can get read and accessed within the SQL Workbench results tab. But we only hold this data temporarily in the user's web browser memory and not on our servers so upon page refresh the data is erased. This information is never transferred.

Type of PII

Kind of processing

Reason

Customer's Employee / Contingent Worker PII

read, access, store, delete, transfer

These are Paradime users. We access this PII data from the Customer's identity provider like Okta, Google SAML, etc. when the user / Customer's employee or contingent worker signs up or logs in to Paradime. The user or us can't edit this information on the Paradime platform.

Customers own customer, prospect, job candidate, pre-prospect website visitor PII

read, access

Paradime is connected to the customers data warehouse and Paradime provides a SQL Workbench feature through which a Paradime user can query their own data warehouse. Depending on how their data warehouse is setup and what permissions the user has, the Customer's own customer data can get read and accessed within the SQL Workbench results tab. But we only hold this data temporarily in the user's web browser memory and not on our servers so upon page refresh the data is erased. This information is never transferred.

Customers own customer data

read, access

A more complete list of all the information we process, the legitimate reason for us to do so can be found in our publicly available Privacy Policy.

Data Privacy Addendum

Our Data Privacy Addendum is part of our Master Service Agreement (MSA) and both can found together below:

Read MSA and DAP

Sub-processors

The most up to date list of sub-processors can be found in our publicly available Privacy Policy.

PreviousSecurity model NextFAQs

Last updated 11 months ago