1.2. Data Controller
SMA, Inc., is the data controller for the personal data collected in connection with use of our services worldwide. We process personal data inside and outside of the United States.
- User: Any user of SMA’s TOD® smartphone application (“SMA TOD® app”) or SMA TOD® website, or other SMA websites and business applications
- Associate: Any current or past SMA W-2 employee or SMA independent contractor
- Candidate: Any person currently going through the application process to become an SMA Associate, or any person who previously applied to be an SMA Associate but did not complete the hiring process for whatever reason
- Client: Any employee or representative of a current, past, or potential SMA client company
- SMA Business Systems: SMA’s Talent On Demand (TOD®) platform, via the SMA TOD® smartphone application or SMA TOD® website, and other SMA websites and business applications
1.4. Effective Date
This policy is effective 1 January 2020. SMA reserves the right to update this policy when necessary. For significant changes, we will notify users of the changes through the SMA TOD® app, and by email. Users should periodically review this notice for the latest information on our privacy practices. Use of SMA Business Systems constitutes consent to this policy to the extent allowed by law.
2. What Data We Collect and How We Use It
We collect three categories of data:
- User data, such as an Associate’s TOD® profile data
- TOD® usage data, such a Client building a team, or an Associate following an opportunity
- External data, such as an Associate referring a potential Associate or business opportunity
The following sections provide more detail on these three categories of data and how we use that data.
2.1. User Data
User data include:
- Internal Associate or Candidate TOD® Profile Data: When Associates or Candidates create or update their TOD® accounts, we collect personal data that is used solely by us for employment purposes, i.e. full name, personal email, home and mobile phone numbers, login name and password, home address, professional résumé, language skills and international work permits, and deployment preferences.
- External Associate TOD® Profile Data: When Associates or Candidates create or update their TOD® accounts, we collect personal data that is used internally and shared with our clients for deployment purposes, i.e. professional photograph, professional summary, professional characteristics, employment history, deployment roles, project history, software skills, certifications achieved and training courses undertaken, education, publications and presentations, membership of professional associations, and awards and testimonials received.
- Client TOD® Profile Data: When Clients create or update their TOD® accounts, we collect personal data that we use solely for customer relationship management purposes and to get the best match of our Associates’ skills to Clients’ needs, i.e. full name, job title, company and division, business email, office and mobile phone numbers, login name and password, business address, and SMA business areas of interest.
- Banking Data: For employment purposes and expense reimbursement, we collect an Associate’s Social Security Number (or Employer Identification Number for 1099 Associates), full name, home address, and banking information that we share with our external payroll and expense reimbursement providers.
- Other Personal Data: For employment purposes, we collect electronic copies of an Associate’s government identification documents, including passport and driver’s license numbers and images, birthdate, signature, and vehicle insurance information.
- Background Check and Identity Verification: We collect background check and identity verification information for all candidates during the hiring process. This is collected by an authorized background check and employment verification provider on our behalf.
- Demographic Data: During the hiring process, we collect optional, anonymous demographic data from all candidates for mandatory Equal Employment Opportunity Commission (EEOC) and Voluntary Self-Identification of Disability (US Department of Labor Form CC-305) purposes.
2.2. TOD® and Website Usage Data
- Usage Data Not Collected: Currently, SMA Business Systems do not collect the following usage data: device data (e.g. hardware model, device IP address, operating system and version, software, preferred languages, unique device identifiers, serial numbers, device motion data, and mobile network). However, we reserve the right to collect this data in the future for analytics and reporting and will modify this policy at that time.
- User Communications: We enable users to communicate with each other and SMA headquarters through the TOD® website using approved third-party providers. The data collected include user names, message content, and date and time. Whereas we do not currently collect this data within TOD®, we may do so in the future for analytics and reporting and will modify this policy at that time. We also enable direct communication to Associates via the SMA TOD® app and website, or via text message regarding business operations, for example the status of followed opportunities, upcoming deployments, future availability, SMA policy changes, new features in SMA TOD®, etc.
2.3. External Data
External data and sources include:
- Client feedback on SMA Associates, such as reviews and testimonials.
- Associates referring candidates or client contacts as part of our Employee or Business Referral programs. For example, when an Associate refers another person, we receive the referred person’s personal data from that Associate.
- Our approved third-party providers for payroll, expense reimbursement, and arranging business travel which Associates create as part of their employment with SMA.
- Our approved third-party providers who help us verify a Candidate’s identity, background information, eligibility to work, and security clearance for regulatory and security purposes.
- Publicly available sources, such as LinkedIn profiles.
3. Other Uses of Personal Data
3.1. User Support, Research, and Product Development
We use the collected data to provide user support, including directing questions to the appropriate person at SMA Headquarters, and investigating and addressing user issues. We may use collected data to create anonymous data on Client programs, Associate deployments, and other historical statistics. We may also use collected data to help develop and test new SMA TOD® features.
SMA does NOT sell or share any user’s personal data with third parties for their direct marketing. SMA may use the collected data to market our services to our users. This includes sending Clients communications via email or the SMA TOD® app and website regarding SMA service offerings, and news and events. Clients may opt out of receiving promotional emails from SMA by following the unsubscribe instructions in those emails. We will still send Clients emails essential to normal business operations.
3.3. Cookies and Third-Party Technologies
4. Data Retention, Deletion, and Requests
A user who is a former Associate, a Candidate who did not complete the hiring process to become an SMA Associate, or a past Client may request deletion of their account at any time by emailing that request to firstname.lastname@example.org. On receipt of this request, we delete the data that we do not need to retain for purposes of normal business operational history, or other legal requirements.
Any users can request a copy of the data that we have collected from them at any time by emailing that request to email@example.com.