Data Protection Policy

Last updated

January 2019

Definitions

1. Data protection principles

The Company is committed to processing data in accordance with its responsibilities under the GDPR.

Article 5 of the GDPR requires that personal data shall be:

• processed lawfully, fairly and in a transparent manner in relation to individuals;
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

2. General provisions

• This policy applies to all personal data processed by the Company.
• The Responsible Person shall take responsibility for the Company’s ongoing compliance with this policy.
• This policy shall be reviewed at least annually.
• The Company shall register with the Information Commissioner’s Office as an organisation that processes personal data.

3. Lawful, fair and transparent processing

• To ensure its processing of data is lawful, fair and transparent, the Company shall maintain a Register of Systems.
• The Register of Systems shall be reviewed at least annually.
• Individuals have the right to access their personal data and any such requests made to the Company shall be dealt with in a timely manner.

4. Lawful purposes

• All data processed by the Company must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
• The Company shall note the appropriate lawful basis in the Register of Systems.
• Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
• Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Company’s systems.

5. Data minimisation

• The Company shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

6. Accuracy

• The Company shall take reasonable steps to ensure personal data is accurate.
• Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.

7. Archiving / removal

• To ensure that personal data is kept for no longer than necessary, the Company shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
• The archiving policy shall consider what data should/must be retained, for how long, and why.

8. Security

• The Company shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
• Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
• When personal data is deleted this should be done safely such that the data is irrecoverable.
• Appropriate back-up and disaster recovery solutions shall be in place.

9. Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Company shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).

This privacy policy sets out how HeyHub uses and protects any information that you give us when you use this website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following privacy policy, which together with our terms and conditions of use, govern HeyHub’s relationship with you in relation to this website. HeyHub is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. If you submit any data to our site, such as your attendee profile we will use it as part of the mobile application which is publicly viewable. Your Login email is not viewable or accessible publicly. Your password is hashed, which means it is not reversible and not viewable in plain text. However, you may contact us at anytime to delete or change this data. HeyHub may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. HeyHub.com / heyhub.com is owned and operated by HeyHub Limited.

What we collect and how we use it

HeyHub and our Customers that use our Applications to organize and manage meetings and events or to provide other services, may collect several types of information from and about End-Users, including:

"Personal Information" that identifies an End-User as an individual or relates to an identifiable person.  For example, this includes name, organization, title, postal address, e-mail address, telephone number, fax number, social media account ID or other identifiers by which End-Users may be contacted online or offline.  This also may include information that permits End-Users to purchase products or services from HeyHub or from our customers through the Applications, such as credit or debit card number, or other payment account number, as well as applicable expiration dates and billing/shipping addresses;

"Other Information" that does not reveal a person’s identity or directly relate to an individual, on its own or in combination with other information we have collected, such as browser and device information,  operating system, device type, system and performance information, app usage data, information collected through cookies, pixel tags and other technologies, general geographic location, demographic information and other information provided by a person, such as dietary preferences, interests, activities, age, gender, education and occupation. 

HeyHub may also collect Personal Information and Other Information from Customers and Website Visitors.  In some instances, we may combine Other Information with Personal Information (such as combining a Website Visitor’s name with information we gather about this individual’s use of the Websites).  If we combine any Other Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined.

We collect this information:

• Directly from individuals when they provide it to us.
• Automatically from End-Users as they use the Applications, or from Website Visitors as they navigate through the Websites. Information collected automatically may include browser and device information, details regarding use of the Services, IP addresses and information collected through cookies, web beacons and other technologies.
• From third party sources, such as public databases, joint marketing partners, and social media platforms.  For example, if a Website Visitor elects to connect his social media account to his account for our Websites, certain Personal Information from the social media account will be shared with us, which may include Personal Information that is part of the Visitor’s profile or his friends’ profiles.

Information Provided to Us  

The information we collect through our Services may include:

• Information that a person provides when utilizing one of our Services, for instance at the time an End-User registers to attend a meeting being organized by a HeyHub customer (HeyHub Event Registration), uses a web chat function with our sales team or downloads a mobile software application to the End-User’s iPhone or Android device.
• Information that Website Visitors provide by filling in forms on our Websites. This includes information provided at the time of registering to receive product information or white papers, attend online demos, or access other special content on our Websites. We may also ask Customers or Visitors for information when they enter a contest or promotion sponsored by us.
• Information that Customers and End-Users provide when receiving technical or customer account support.  This includes records and copies of Customer and End-User correspondence (including e-mail addresses).
• Responses to surveys that we might ask Customers, End-Users or Website Visitors to complete for research purposes.
• Details of transactions Customers carry out through our Applications and of the fulfilment of Customer orders.
• Records of search queries on our Services.

Some of our Websites allow Visitors to create or post content on message boards, chat, profile pages and blogs and other services to which Visitors are able to post information and materials.  Please note that any information posted or disclosed through these sections of our Websites will become public information, and may be available to other Website Visitors and to the general public.  We urge caution to anyone deciding to disclose their Personal Information, or any other information, on our Websites. Anyone submitting Personal Information relating to other people to HeyHub in connection with the Services represents that they have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

How We Use Information

We may use information that we collect or that is provided to us, including Personal Information, for any of the following purposes:

• To present our Services and their contents.
• To provide End-Users with information, products, or services they request from HeyHub or our Customers using our Applications, for example by processing event registrations, enrolling End-Users in programs in which they choose to participate, or providing End-Users with mobile application access for a meeting organized by a Customer.
• To manage Application accounts, provide customer service, and process payments for purchases by End-Users.
• To provide Customers with notices about their HeyHub accounts, including expiration and renewal notices.
• To notify Customers and End-Users about changes to our Services, any products or services we offer or provide though our Services, our terms and conditions applicable to the Services, or this Privacy Policy.
• To communicate with Customers and Visitors by e-mail, postal mail, telephone and/or mobile devices about products or services that may be of interest and that are offered by us, our affiliated companies or other third parties.
• To allow Customers and Visitors to participate in online product demos, surveys, and online sweepstakes or contests (including to verify participant eligibility and deliver prizes), access and download materials, and use other interactive features on our Services.
• To better tailor Website experience to Visitors interests, Application experience to End-User or Customer interests, and display content according to user preferences.
• To facilitate social sharing functionality.
• To perform research and analyze use of, or interest in, our products, services or content (or products, services or content offered by others on our Website).
• For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
• As we believe to be necessary or appropriate:  (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to carry out our obligations and enforce our terms and conditions applicable to the Services and other agreements, including for billing and collection purposes; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) to protect against or identify fraudulent transactions.  This includes exchanging information with other companies and organizations where reasonably necessary for the purposes of fraud protection and credit risk reduction.
• In any other way we may describe when you provide the information.
• To fulfill any other purpose for which you provide it or with your consent.
  • We may also use contact information of Customers and Visitors to contact them via email, telephone or direct mail about products and services that may be of interest to them.  Where required, we will seek and obtain recipients’ express authorization before we send marketing emails.  If you do not want us to use your information in this way, please adjust your email preferences on the profile page that is accessible by clicking the unsubscribe link provided at the bottom of emails you receive from us.  For more information, see Choices About How We Use and Disclose Your Information. 

Security
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Usage Statistics
HeyHub will collect general anonymous data on site usage statistics such as page access, duration of stay, browser or device type. This data is provided by default by your operating internet browser or phone carrier and is collected directly by HeyHub or through other 3-rd party tools such as Google Analytics. HeyHub also reserves the right to use usage statistics on marketing and publicly available material.

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information
You may choose to restrict the collection or use of your personal information; if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at hey@heyhub.com We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

The purpose of this Policy is to govern our use of information we may learn about you when you visit our web site (the “Site”). In addition to our Policy, the Site is subject to the Terms of Use which governs in any conflict with this Policy. We may change this Policy at any time by notifying you of a new effective date.

Combining Information and Contractors. We may combine the information that we collect from you on our Site with information that you provide to us in connection with your use of our other products, services and web sites. We may use third party web site management and advertising contractors (the “Contractors”) to deliver advertisements to you on our behalf, contact you on our behalf, facilitate our site’s services, fulfill your purchase requests, or to otherwise help us in providing the site. We may provide these contractors with your personally identifiable information solely for the purpose of providing these services to us or on our behalf. These Contractors may not disclose your information in violation of this Policy, which does not restrict Contractors disclosing your Internet protocol address, geographic location, Internet browser, network and connection, referring sites, ads and key words used to arrive at the Site, pages you visited and time spent on the Site, your Internet host, operating system and connection speed, and additional information regarding your use of the Site.

Collection, Use and Disclosure. We may use your information to contact you regarding a transaction you have made on our Site. We also collect general data to analyze statistics on our Site’s user visits, purchases (if any), backgrounds and demographics, which we only release to others on an aggregate basis that does not reveal your personal information without your approval, except to: (1) the Companies; (2) the Contractors; (3) a company that may acquire our Site or controlling equity shares in our company, and (4) others when necessary to enforce the Terms of Use, any agreement we may have with you, or when we believe we are required to do so by law. We use this data to enhance our provision of services to you and our users, to improve our Site to best meet your interests, to measure visits to different areas of our Site, to contact you regarding updates to HeyHub features that you use and to verify the number of users that have seen or clicked advertising on our Site.

Children. Our Site is not intended for children under the age of 13 years of age. We do not knowingly collect information from children under the age of 13. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our privacy policy by instructing their children to never provide information on our Site.

Cookies. Our Site may place a “cookie” in the browser files of your computer. This cookie does not collect information that personally identifies you as an individual (other than your Internet protocol address), but merely allows us to recognize your repeated visits to our Site. We use our cookie collected information to make your visit to our Site more enjoyable. If you want to disable cookies, there is a simple procedure in most Internet browsers that allows you to turn off or delete cookies, but please remember that cookies may be required to allow you to use certain features of our Site.

Links. Our Site may contain links to other websites. We do not control these other websites, and you should consult those other web sites’ privacy policies regarding their use of your information. Our Site may also contain advertising. When you click on an advertisement, the advertiser may be able to collect information on you and any additional information you provide. We do not control these advertisers’ collection and use of this information.

1. CHOICE

Opt Out. We may contact you for a marketing purpose. You can opt out of receiving such communications in the future per our instructions contained in our correspondence to you. You can also delete your user account at any time.

Necessary Communications. Notwithstanding your choice to opt out of receiving marketing information, we of course reserve the right to contact you regarding this Policy, the Terms of Use, your account status, your orders, and any other matters relevant to your use of the Site.

2. ACCESS

You can access your Site profile at your convenience to revise or correct errors in your personal information (unless such revisions or corrections may compromise privacy or security concerns).

3. SECURITY

Security Measures. We maintain security measures to protect your personal information from unauthorized access, misuse or disclosure.

Sharing. You should remember that when you use our Site to post comments and share additional information, any information that you provide is not secure and can be collected and used by others. As a result, you should exercise caution before you make such disclosures.