Last Updated on May 10, 2022
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
- The California Online Privacy Protection Act (CalOPPA)
- The California Consumer Privacy Act (CCPA)
- Europe’s General Data Protection Regulation (GDPR)
- Australia’s Privacy Act
- The UK’s Data Protection Act
Roles and Responsibilities
The primary role of the data protection officer (DPO) is to ensure that her organization processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules Data Protection Regulation (Regulation (EU) 2018/1725).
The DPO has to ensure that the data protection rules are respected in cooperation with the data protection authority (for the EU institutions and bodies, this is the EDPS). In the EU institution and bodies, the DPO must:
- Ensure that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness about them;
- Give advice and recommendations to the institution about the interpretation or application of the data protection rules;
- Create a register of processing operations within the institution and notify the EDPS those that present specific risks (so-called prior checks);
- Ensure data protection compliance within her institution and help the latter to be accountable in this respect.
- Handle queries or complaints on request by the institution, the controller, other person(s), or on her own initiative;
- Cooperate with the EDPS (responding to his requests about investigations, complaint handling, inspections conducted by the EDPS, etc.);
- Draw the institution’s attention to any failure to comply with the applicable data protection rules.
1. WHAT USER INFORMATION DO WE COLLECT?
We collect personal information that the user provided to us by the client organization as per the service agreement for our products and services, when the users participate in activities on HiFives platform (such as by posting messages in our online forums) or otherwise when the user contacts us.
The personal information that we collect depends on the context of the service agreement signed by the client, the choices made and the products and features used. The personal information we collect may include the following:
- Personal Information Collected
- Employee Full Name
- Employee Profile Picture (optional)
- Employee Code/ Number
- Employee Official Email Address
- Application Password (not required in case of single sign on)
- Employee Country Employee mobile number (optional)
- Employee date of birth (optional)
- Employee date of joining the organization (optional)
- Employee wedding date (optional)
- Payment Data
We do not collect any data necessary to process payments such as the user’s payment instrument number (such as a credit card number), and the security code associated with the payment instrument.
- 3rd Party Login Data
We may provide users with the option to register with us using existing 3rd party account details, like Google Workspace, Office 365 or Apple. If the user chooses to register this way, we will collect the information described in the section called “HOW DO WE HANDLE 3RD PARTY LOGINS?” below.
All personal information that the user provides to us must be true, complete and accurate, and the user must notify us of any changes to such personal information.
- Information collected automatically
Some information — such as the user’s Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when the user visits our Website or application.
We automatically collect certain information when the user visits, uses or navigates the Website or application. This information does not reveal the user’s specific identity (like the user’s name or contact information) but may include device and usage information, such as the user’s IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when the user uses our Website or Application, and other technical information. This information is primarily needed to maintain the security and operation of our Website or Application, and for our internal analytics and reporting purposes.
The information we collect includes:
- Log and Usage Data.
Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when the user accesses or uses our Website or Application and which we record in log files. Depending on how the user interacts with us, this log data may include the user’s IP address, device information, browser type and settings and information about the user’s activity on the Website/ Application (such as the date/time stamps associated with the user’s usage, pages and files viewed, searches and other actions the user take such as which features the user use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’) and hardware settings).
- Location Data.
We collect location data such as information about the user’s device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device the user uses to access the Website.
For example, we may use GPS and other technologies to collect geo-location data that tells us the user’s current location (based on the user’s IP address). The user can opt out of allowing us to collect this information either by refusing access to the information or by disabling the user’s Location setting on the user’s device. Note however, if the user chooses to opt out, the user may not be able to use certain aspects of the Services.
2. HOW DO WE USE THE USER’S INFORMATION?
We process the user’s information for purposes based on legitimate business interests, the fulfillment of our contract with the user’s organization, compliance with our legal obligations, and/or the user’s consent.
We use personal information collected via our Website/ Application for a variety of business purposes described below. We process the user’s personal information for these purposes in reliance on our legitimate business interests in order to enter into or perform a contract with the user’s organization, with the user’s consent, and/or in compliance with our legal obligations.
We indicate the specific processing grounds we rely on next to each purpose listed below.
- We use the information we collect or receive:
To facilitate account creation and logon process. If the user choose to link the user’s account with us to a third-party account (such as the user’s Google Workspace or Office 365account), we use the information the user allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract. See the section below headed “HOW DO WE HANDLE THE USER’S 3RD PARTY LOGINS?” for further information.
- To post testimonials.
We post testimonials on our Website that may contain personal information. Prior to posting a testimonial, we will obtain the user’s consent to use the user’s name and the content of the testimonial. If the user wish to update, or delete the user’s testimonial, please contact us at email@example.com and be sure to include the user’s name, testimonial location, and contact information.
- Request feedback.
We may use the user’s information to request feedback and to contact the user about the user’s use of our Website.
- To enable user-to-user communications.
We may use the user’s information in order to enable user-to-user communications with each user’s consent.
- To manage user accounts.
We may use the user’s information for the purposes of managing our account and keeping it in working order.
- To send administrative information to the user.
We may use the user’s personal information to send the user product, service and new feature information and/or information about changes to our terms, conditions, and policies.
- To protect our Services.
We may use the user’s information as part of our efforts to keep our Website/ Application safe and secure (for example, for fraud monitoring and prevention).
- To enforce our terms, conditions and policies for business purposes,
To comply with legal and regulatory requirements or in connection with our contract.
- To respond to legal requests and prevent harm.
If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Fulfill and manage the user’s orders.
We may use the user’s information to fulfill and manage the user’s orders or cancelations made through the Website/ Application.
- To deliver and facilitate delivery of services to the user.
We may use the user’s information to provide the user with the requested service.
- To respond to user inquiries/offer support to users.
We may use the user’s information to respond to the user’s inquiries and solve any potential issues the user might have with the use of our Services.
- We do not send any marketing and promotional communications to the users
- We do not deliver any kind of advertising to the users.
3. WILL THE USER’S INFORMATION BE SHARED WITH ANYONE?
We only share information with the user’s consent, to comply with laws, to provide the user with services, to protect the user’s rights, or to fulfill business obligations.
We may process or share the user’s data that we hold based on the following legal basis:
Consent: We may process the user’s data if the user has given us specific consent to use the user’s personal information for a specific purpose.
Legitimate Interests: We may process the user’s data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with the user’s organization, we may process the user’s personal information to fulfill the terms of our contract.
Legal Obligations: We may disclose the user’s information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose the user’s information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process the user’s data or share the user’s personal information in the following situations:
Business Transfers. We may share or transfer the user’s information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Affiliates. We may share the user’s information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
Business Partners. We may share the user’s information with our business partners to offer the user certain products, services or promotions.
What Are Cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies.
The user can prevent the setting of cookies by adjusting the settings on the user’s browser (see the user’s browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that the user visits. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that the user do not disable cookies.
The Cookies We Set
- Account related cookies
- Log-in related cookies
- Email newsletter related cookies:
This site offers newsletter or email subscription services and cookies may be used to remember if the user are already registered and whether to show certain notifications which might only be valid to subscribe/unsubscribed users.
- Orders processing related cookies
This site offers e-commerce or payment facilities, and some cookies are essential to ensure that the user’s order is remembered between pages so that we can process it properly.
- Surveys related cookies
- Forms related cookies
When the user submit data to through a form such as those found on contact pages or comment forms, cookies may be set to remember the user’s user details for future correspondence.
- Site preferences cookies
In order to provide the user with a great experience on this site, we provide the functionality to set the user’s preferences for how this site runs when the user use it. In order to remember the user’s preferences, we need to set cookies so that this information can be called whenever the user interact with a page is affected by the user’s preferences.
Third Party Cookies
- This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how the user use the site and ways that we can improve the user’s experience. These cookies may track things such as how long the user spends on the site and the pages that the user visits so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
- Third-party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long the user spend on the site or pages the user visits which helps us to understand how we can improve the site for the user.
- From time to time, we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that the user receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
- As we sell products, it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to the user as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
- We also use social media buttons and/or plugins on this site that allow the user to connect with the user’s social network in various ways. For these to work the following social media sites including;
These will set cookies through our site, which may be used to enhance the user’s profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
However if the user is still looking for more information then the user can contact us through email: firstname.lastname@example.org
6. HOW DO WE HANDLE THE USER’S 3RD PARTY LOGINS?
If the user chooses to register or log in to our services using a 3rd Party account, we may have access to certain information about the user.
Our Application offers the user the ability to register and login using the user’s third-party social media account details (like the user’s Google Workspace login etc.). Where the user chooses to do this, we will receive certain profile information about the user from the user’s social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include the user’s name, email address, friends list, profile picture as well as other information the user choose to make public on such social media platform.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to the user on the relevant Website. Please note that we do not control, and are not responsible for, other uses of the user’s personal information by the user’s third-party login provider. We recommend that the user review their privacy notice to understand how they collect, use and share the user’s personal information, and how the user can set the user’s privacy preferences on their sites and apps.
7. HOW LONG DO WE KEEP THE USER’S INFORMATION?
We keep the user’s information for as long as necessary to fulfil the purposes outlined in the contract with the user’s organization unless otherwise required by law.
When we have no ongoing legitimate business need to process the user’s personal information, we will delete such information securely.
8. HOW DO WE KEEP THE USER’S INFORMATION SAFE?
We aim to protect the user’s personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures (under the ISO 270001 framework) designed to protect the security of any personal information we process.
Our safeguards and efforts to secure the user’s information helps minimize the risk that hackers, cybercriminals, or other unauthorized third parties will not be able to improperly collect, access, steal, or modify the user’s information.
9. DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Website/ Application, the user represent that the user are at least 18 or that the user are the parent or guardian of such a minor and consent to such minor dependent’s use of the Website.
If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If the user becomes aware of any data we may have collected from children under age 18, please contact us at email@example.com.
10. WHAT ARE THE USER PRIVACY RIGHTS?
In some regions, such as the European Economic Area (EEA) and United Kingdom (UK), the user have rights that allow the user greater access to and control over the user’s personal information. The user may review, change, or terminate the user’s account at any time.
In some regions (like the EEA and UK), the user have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of the user’s personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of the user’s personal information; and (iv) if applicable, to data portability. In certain circumstances, the user may also have the right to object to the processing of the user’s personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on the user’s consent to process the user’s personal information, the user has the right to withdraw the user’s consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of the user’s personal information conducted in reliance on lawful processing grounds other than consent.
If the user is a resident in the EEA or UK and the user believe we are unlawfully processing the user’s personal information, the user also have the right to complain to the user’s local data protection supervisory authority. The user can find their contact details here:https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html
If the user are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html
If the user have questions or comments about the user’s privacy rights, the user may email us at firstname.lastname@example.org.
If the user would at any time like to review or change the information in the user’s account or terminate the user’s account, the user can:
Contact us using the contact information provided.
Opting out of email marketing. We do send email marketing messages in general. The user can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. The user will then be removed from the marketing email list — however; we may still communicate with the user, for example, to send the user service-related emails that are necessary for the administration and use of the user’s account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, the user may contact us over email at email@example.com
11. CONTROLS FOR DO-NOT-TRACK FEATURES
12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
Yes, if the user is a resident of California, the user are granted specific rights regarding access to the user’s personal information.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If the user are a California resident and would like to make such a request, please submit the user’s request in writing to us using the contact information provided below.
If the user are under 18 years of age, reside in California, and have a registered account with the Website, the user have the right to request removal of unwanted data that the user publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with the user’s account and a statement that the user reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).
CCPA Privacy Notice
The California Code of Regulations defines a “resident” as:
(1 ) every individual who is in the State of California for other than a temporary or transitory purpose and
(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as “non-residents.”
If this definition of “resident” applies to the user, we must adhere to certain rights and obligations regarding the user’s personal information.
What categories of personal information do we collect?
We have collected the following categories of personal information in the past twelve (12) months:
|A. Identifiers||Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name||YES|
|B. Personal information categories listed in the California Customer Records statute||Name, contact information, education, employment, employment history and financial information||YES|
|C. Protected classification characteristics under California or federal law||Gender and date of birth||NO|
|D. Commercial information||Transaction information, purchase history, financial details and payment information||NO|
|E. Biometric information||Fingerprints and voiceprints||NO|
|F. Internet or other similar network activity||Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements||NO|
|G. Geolocation data||Device location||NO|
|H. Audio, electronic, visual, thermal, olfactory, or similar information||Images and audio, video or call recordings created in connection with our business activities||NO|
|l. Professional or employment-related information||Business contact details in order to provide the user our services at a business level, job title as well as work history and professional qualifications if the user apply for a job with us||NO|
|J. Education Information||Student records and directory information||NO|
|K. Inferences drawn from other personal information||Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics||NO|
We may also collect other personal information outside of these categories instances where the user interacts with us in-person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Facilitation in the delivery of our Services and to respond to the user’s inquiries.
How do we use and share the user’s personal information?
The user may contact us by email at firstname.lastname@example.org, or by referring to the contact details at the bottom of this document.
If the user are using an authorized agent to exercise the user’s right to opt-out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on the user’s behalf.
Will the user’s information be shared with anyone else?
We may disclose the user’s personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf. We may use the user’s personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of the user’s personal data.
HiFives has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. HiFives will not sell personal information in the future belonging to website visitors, users and other consumers.
The user’s rights with respect to the user’s personal data
Right to request deletion of the data – Request to delete
The user can ask for the deletion of the user’s personal information. If the user ask us to delete the user’s personal information, we will respect the user’s request and delete the user’s personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.
Right to be informed – Request to know
Depending on the circumstances, the user have a right to know:
- whether we collect and use the user’s personal information;
- the categories of personal information that we collect;
- the purposes for which the collected personal information is used;
- whether we sell the user’s personal information to third parties;
- the categories of personal information that we sold or disclosed for a business purpose;
- the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
- the business or commercial purpose for collecting or selling personal information.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy rights
We will not discriminate against the user if the user exercise the user’s privacy rights.
Upon receiving the user’s request, we will need to verify the user’s identity to determine the user is the same person about whom we have the information in our system. These verification efforts require us to ask the user to provide the information so that we can match it with the information the user have previously provided us. For instance, depending on the type of request the user submit, we may ask the user to provide certain information so that we can match the information the user provide with the information we already have on file, or we may contact the user through a communication method (e.g. phone or email) that the user have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in the user’s request to verify the user’s identity or authority to make the request. To the extent possible, we will avoid requesting additional information from the user for the purposes of verification. If, however, we cannot verify the user’s identity from the information already maintained by us, we may request that the user provide additional information for the purposes of verifying the user’s identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying the user.
Other Privacy Rights
- the user may object to the processing of the user’s personal data
- the user may request correction of the user’s personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data
- the user can designate an authorized agent to make a request under the CCPA on the user’s behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on the user’s behalf in accordance with the CCPA.
- the user may request to opt-out from future selling of the user’s personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.
To exercise these rights, the user can contact us by email at email@example.com, or by referring to the contact details at the bottom of this document. If the user has a complaint about how we handle the user’s data, we would like to hear from the user.
12. DO WE MAKE UPDATES TO THIS NOTICE?
Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify the user either by prominently posting a notice of such changes or by directly sending the user a notification. We encourage the user to review this privacy notice frequently to be informed of how we are protecting the user’s information.
If the user has questions or comments about this notice, the user may email us at firstname.lastname@example.org or to our concerned personnel:
Anilkumar S Kalyane
Data Protection Officer (DPO)
14. HOW CAN THE USER REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM THE USER?
Based on the applicable laws of the user’s country, the user may have the right to request access to the personal information we collect from the user, change that information, or delete it in some circumstances. To request to review, update, or delete the user’s personal information, please email us at email@example.com