Last Updated on Nov 23, 2023

Data Privacy Policy Purpose

This Data Privacy Policy describes how we collect and use  personal information in relation to HiFives websites, applications, products, services, events, and experiences that reference this Privacy Notice (together, “HiFives”). This data privacy policy helps build trust and confidence in our customers and helps us comply with the relevant data privacy laws and regulations in various jurisdictions including the following:

  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • The California Online Privacy Protection Act (CalOPPA)
  • The California Consumer Privacy Act (CCPA)
  • Europe’s General Data Protection Regulation (GDPR)
  • Australia’s Privacy Act
  • The UK’s Data Protection Act


This data privacy policy is applicable to  All HiFives websites, applications, and services.

Roles and Responsibilities

The primary role of the data protection officer (DPO) is to ensure that her organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules Data Protection Regulation (Regulation (EU) 2018/1725). The DPO has to ensure that the data protection rules are respected in cooperation with the data protection authority (for the EU institutions and bodies, this is the EDPS). In the EU institution and bodies, the DPO must:

  • Ensure that controllers and data subjects are informed about their data protection rights, obligations, and responsibilities. Also, raise awareness about them.
  • Give advice and recommendations to the institution about the interpretation or application of the data protection rules;
  • Create a register of processing operations within the organization. Notify the EDPS of those that present specific risks (so-called prior checks);
  • Ensure data protection compliance within her institution and help the latter to be accountable in this respect.
  • Handle queries or complaints on request by the institution, the controller, other person(s), or on her own initiative;
  • Cooperate with the EDPS (responding to his requests about investigations, complaint handling, inspections conducted by the EDPS, etc.);
  • Draw the institution’s attention to any failure to comply with the applicable data protection rules.



We collect personal information provided to us by the user or the client organization as per the service agreement for our products and services. This happens when the users participate in activities on the HiFives platform (such as by posting messages in our online forums) or otherwise when the user contacts us. The personal information that we collect depends on the  service agreement signed by the client and the products and features used. The personal information we collect may include the following:

  • Personal Information Collected
    1. Employee Full Name
    2. Profile Picture (optional)
    3. Employee Code/ Number
    4. Official Email Address
    5. Application Password (not required in case of single sign-on)          
    6. Employee Country
    7. Employee mobile number (optional)
    8. Date of birth (optional)
    9. Date of joining the organization (optional)
    10. Wedding date (optional)
  • Payment Data

We do not collect any data such as the user’s payment instrument (such as credit card) number, or the security code associated.

  • 3rd Party Login Data

We may provide users with the option to register with us using existing 3rd party accounts like Google Workspace, Office 365, or Apple. If the user chooses to register this way, we collect information described in the section  “HOW DO WE HANDLE 3RD PARTY LOGINS?”. All personal information that the user provides must be true, complete, and accurate. The user must notify us of any changes to such personal information.

  • Information collected automatically

Information such as the user’s Internet Protocol (IP) address and/or browser and device characteristics are collected automatically when the user visits our Website or application. We automatically collect certain information when the user visits, uses, or navigates the Website or application. This information does not reveal the user’s specific identity (like the user’s name or contact information). But it may include device and usage information, such as the user’s IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when the user uses our Website or Application, and other technical information. This information is primarily needed to maintain the security and operation of our Website or Application, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies. The user can find out more about this in our COOKIE POLICY. The information we collect includes:

  1. Log and Usage Data.

Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when the user accesses or uses our Website or Application which we record in log files. Depending on how the user interacts with us, this log data may include the user’s IP address, device information, browser type and settings and information about the user’s activity on the Website/ Application (such as the date/time stamps associated with the user’s usage, pages and files viewed, searches and other actions the user take such as which features the user use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’) and hardware settings).

  1. Location Data.

We collect location data such as information about the user’s device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device the user uses to access the Website. For example, we may use GPS and other technologies to collect geo-location data that tells us the user’s current location (based on the user’s IP address). The user can opt out of allowing us to collect this information either by refusing access to the information or by disabling the user’s Location setting on the user’s device. Note however, that if the user chooses to opt out, the user may not be able to use certain aspects of the Services.


HiFives processes the user’s information for purposes based on legitimate business interests, the fulfillment of our contract with the user’s organization, compliance with our legal obligations, and/or the user’s consent. We use personal information collected via our Website/ Application for a variety of business purposes described below. HiFives processes the user’s personal information for these purposes in reliance on our legitimate business interests in order to enter into or perform a contract with the user’s organization, with the user’s consent, and/or in compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

  1. We use the information we collect or receive:

To facilitate account creation and logon process. If the user chooses to link the user’s account with us to a third-party account (such as the user’s Google Workspace or Office 365account), we use the information the user allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract. See the section below “HOW DO WE HANDLE THE USER’S 3RD PARTY LOGINS?” for further information.

  • Post testimonials.

We post testimonials on our Website that may contain personal information. Prior to posting a testimonial, we will obtain the user’s consent to use the user’s name and the content of the testimonial. If the user wishes to update, or delete the user’s testimonial, please contact us at and be sure to include the user’s name, testimonial location, and contact information.

  • Request feedback.

Use the user’s information to request feedback and to contact the user about the user’s use of our Website.

  • Enable user-to-user communications.

We may use the user’s information in order to enable user-to-user communications with each user’s consent.

  • Manage user accounts.

May use the user’s information for the purposes of managing our account and keeping it in working order.

  • Send administrative information to the user.

We may use the user’s personal information to send the user product, service, and new feature information and/or information about changes to our terms, conditions, and policies.

  • Protect our Services.

May use the user’s information as part of our efforts to keep our Website/ Application safe and secure (for example, for fraud monitoring and prevention).

  • Enforce our terms, conditions, and policies for business purposes,

To comply with legal and regulatory requirements or in connection with our contract.

  1. Respond to legal requests and prevent harm.

If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.

  • Fulfill and manage the user’s orders.

Use the user’s information to fulfill and manage the user’s orders or cancelations made through the Website/ Application.

  • Deliver and facilitate delivery of services to the user.

May use the user’s information to provide the user with the requested service.

  • Respond to user inquiries/offer support to users.

Use the user’s information to respond to the user’s inquiries and solve any potential issues the user might have with the use of our Services.

  • We do not send any marketing and promotional communications to the users
  • We do not deliver any kind of advertising to the users.


We only share information with the user’s consent, to comply with laws, to provide the user with services, to protect the user’s rights, or to fulfill business obligations. We may process or share the user’s data that we hold based on the following legal basis: Consent: We may process the user’s data if the user has given us specific consent to use the user’s personal information for a specific purpose.

Legitimate Interests: We may process the user’s data when it is reasonably necessary to achieve our legitimate business interests.

Performance of a Contract: Where we have entered into a contract with the user’s organization, we may process the user’s personal information to fulfill the terms of our contract.

Legal Obligations: We may disclose the user’s information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

Vital Interests: We may disclose the user’s information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved. More specifically, we may need to process the user’s data or share the user’s personal information in the following situations:

Business Transfers. We may share or transfer the user’s information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates. We may share the user’s information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Business Partners. We may share the user’s information with our business partners to offer the user certain products, services, or promotions.


We may use cookies and other tracking technologies to collect and store the user’s information. We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how the user can refuse certain cookies is set out in our ‘COOKIE POLICY’.


What Are Cookies As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to the user’s computer, to improve the user’s experience. This page describes what information they gather, how we use it, and why we sometimes need to store these cookies. We will also share how the user can prevent these cookies from being stored; however, this may downgrade or ‘break’ certain elements of the site functionality. For more general information on cookies see the Wikipedia article on HTTP Cookies. How We Use Cookies We use cookies for a variety of reasons detailed below. Unfortunately, in most cases, there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that the user leave all cookies if the user is not sure whether the user needs them or not in case they are used to provide a service that the user uses. Disabling Cookies The user can prevent the setting of cookies by adjusting the settings on the user’s browser (see the user’s browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that the user visits. Disabling cookies will usually result in also disabling certain functionalities and features of this site. Therefore it is recommended that the user not disable cookies. The Cookies We Set

  • Account related cookies 

If the user has an account with us, then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when the user logs out; however, in some cases, they may remain afterwards to remember the user’s site preferences when logged out.

  • Login related cookies 

We use cookies when the user is logged in so that we can remember this fact. This prevents the user from having to log in every single time the user visits a new page. These cookies are typically removed or cleared when the user logs out to ensure that the user can only access restricted features and areas when logged in.

  • Email newsletter related cookies: 

This site offers newsletter or email subscription services and cookies may be used to remember if the user is already registered and whether to show certain notifications that might only be valid to subscribe/unsubscribed users.

  • Orders processing related cookies

This site offers e-commerce or payment facilities, and some cookies are essential to ensure that the user’s order is remembered between pages so that we can process it properly.

  • Surveys related cookies

From time to time, we offer user surveys and questionnaires to provide the user with interesting insights, and helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide the user with accurate results after the user changes pages.

  • Forms related cookies

When the user submits data to through a form such as those found on contact pages or comment forms, cookies may be set to remember the user’s user details for future correspondence.

  • Site preferences cookies

In order to provide the user with a great experience on this site, we provide the functionality to set the user’s preferences for how this site runs when the user uses it. In order to remember the user’s preferences, we need to set cookies so that this information can be called whenever the user interacts with a page that is affected by the user’s preferences. Third-Party Cookies In some special cases, we also use cookies provided by trusted third parties. The following section details which third-party cookies the user might encounter through this site.

  • This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web to help us understand how the user uses the site and ways that we can improve the user’s experience. These cookies may track things such as how long the user spends on the site and the pages that the user visits so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.

  • Third-party analytics are used to track and measure the usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long the user spends on the site or pages the user visits which helps us to understand how we can improve the site for the user.
  • From time to time, we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that the user receives a consistent experience whilst on the site ensuring we understand which optimisations our users appreciate the most.
  • As we sell products, it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase, and as such this is the kind of data that these cookies will track. This is important to the user as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
  • We also use social media buttons and/or plugins on this site that allow the user to connect with the user’s social network in various ways. For these to work the following social media sites including;
  • Facebook
  • Twitter
  • Instagram
  • LinkedIn

These will set cookies through our site, which may be used to enhance the user’s profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies. More Information However if the user is still looking for more information then the user can contact us through email:


If the user chooses to register or log in to our services using a 3rd Party account, we may have access to certain information about the user. Our Application offers the user the ability to register and log in using the user’s third-party social media account details (like the user’s Google Workspace login etc.). Where the user chooses to do this, we will receive certain profile information about the user from the user’s social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include the user’s name, email address, friends list, profile picture as well as other information the user chooses to make public on such social media platform. We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to the user on the relevant Website. Please note that we do not control, and are not responsible for, other uses of the user’s personal information by the user’s third-party login provider. We recommend that the user review their privacy notice to understand how they collect, use, and share the user’s personal information, and how the user can set the user’s privacy preferences on their sites and apps.


We keep the user’s information for as long as necessary to fulfil the purposes outlined in the contract with the user’s organization unless otherwise required by law. We will only keep the user’s personal information for as long as it is necessary for the purposes set out in the client contract, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this data privacy policy will require us to keep the user’s personal information for longer than three (3) months past the termination of the user’s account. When we have no ongoing legitimate business need to process the user’s personal information, we will delete such information securely.


We aim to protect the user’s personal information through a system of organizational and technical security measures. We have implemented appropriate technical and organizational security measures (under the ISO 270001 framework) designed to protect the security of any personal information we process. Our safeguards and efforts to secure the user’s information help minimize the risk that hackers, cybercriminals, or other unauthorized third parties will not be able to improperly collect, access, steal, or modify the user’s information.


We do not knowingly collect data from or market to children under 18 years of age. We do not knowingly solicit data from or market to children under 18 years of age. By using the Website/ Application, the user represents that the user is at least 18 or that the user is the parent or guardian of such a minor and consents to such minor dependent’s use of the Website. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If the user becomes aware of any data we may have collected from children under the age of 18, please contact us at


In some regions, such as the European Economic Area (EEA) and the United Kingdom (UK), the user has rights that allow the user greater access to and control over the user’s personal information. The user may review, change, or terminate the user’s account at any time. In some regions (like the EEA and UK), the user has certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of the user’s personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of the user’s personal information; and (iv) if applicable, to data portability. In certain circumstances, the user may also have the right to object to the processing of the user’s personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws. If we are relying on the user’s consent to process the user’s personal information, the user has the right to withdraw the user’s consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of the user’s personal information conducted in reliance on lawful processing grounds other than consent. If the user is a resident in the EEA or UK and the user believes we are unlawfully processing the user’s personal information, the user also has the right to complain to the user’s local data protection supervisory authority. The user can find their contact details here.

If the user is a resident of Switzerland, the contact details for the data protection authorities are available here. If the user has questions or comments about the user’s privacy rights, the user may email us at

Account Information

If the user would at any time like to review or change the information in the user’s account or terminate the user’s account, the user can:  Contact us using the contact information provided. Upon the user’s request to terminate the user’s account, we will deactivate or delete the user’s account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use, and/or comply with applicable legal requirements. Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If the user prefers, the user can usually choose to set the user’s browser to remove cookies and to reject cookies. If the user chooses to remove cookies or reject cookies, this could affect certain features or services of our Website.. For further information, please see our Cookie Policy. Opting out of email marketing.  We do send email marketing messages in general. The user can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. The user will then be removed from the marketing email list — however; we may still communicate with the user, for example, to send the user service-related emails that are necessary for the administration and use of the user’s account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, the user may contact us over email at


Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting the user can activate to signal the user’s privacy preference not to have data about the user’s online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates the user’s choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform the user about that practice in a revised version of this data privacy policy.


Yes, if the user is a resident of California, the user is granted specific rights regarding access to the user’s personal information. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If the user is a California resident and would like to make such a request, please submit the user’s request in writing to us using the contact information provided below. If the user is under 18 years of age, resides in California, and has a registered account with the Website, the user has the right to request the removal of unwanted data that the user publicly posts on the Website. To request the removal of such data, please contact us using the contact information provided below, and include the email address associated with the user’s account and a statement that the user resides in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as: (1 ) every individual who is in the State of California for other than a temporary or transitory purpose       and (2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose All other individuals are defined as “non-residents.” If this definition of “resident” applies to the user, we must adhere to certain rights and obligations regarding the user’s personal information.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

Category Examples Collected
A. Identifiers Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name YES
B. Personal information categories listed in the California Customer Records statute Name, contact information,  education, employment, employment history and financial information YES
C. Protected classification characteristics under California or federal law    Gender and date of birth NO
D. Commercial information Transaction information, purchase history, financial details, and payment information NO
E. Biometric information Fingerprints and voiceprints NO
F. Internet or other similar network activity Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements NO
G. Geolocation data Device location NO
H. Audio, electronic, visual, thermal, olfactory, or similar information Images and audio, video or call recordings created in connection with our business activities NO
l. Professional or employment-related information Business contact details in order to provide the user our services at a business level, job title as well as work history and professional qualifications if the user applies for a job with us NO
J. Education Information Student records and directory information NO
K. Inferences drawn from other personal information Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics NO

We may also collect other personal information outside of these categories in instances where the user interacts with us in-person, online, or by phone or mail in the context of:

  • Receiving help through our customer support channels;
  • Facilitation in the delivery of our Services and to respond to the user’s inquiries.

How do we use and share the user’s personal information?

More information about our data collection and sharing practices can be found in this Privacy Notice and our COOKIE POLICY. The user may contact us by email at, or by referring to the contact details at the bottom of this document. If the user is using an authorized agent to exercise the user’s right to opt out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on the user’s behalf. Will the user’s information be shared with anyone else? We may disclose the user’s personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf. We may use the user’s personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of the user’s personal data. HiFives has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. HiFives will not sell personal information in the future belonging to website visitors, users, and other consumers.

The user’s rights with respect to the user’s personal data

Right to request deletion of the data – Request to delete   The user can ask for the deletion of the user’s personal information. If the user asks us to delete the user’s personal information, we will respect the user’s request and delete the user’s personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.

Right to be informed – Request to know  

Depending on the circumstances, the user has a right to know:

  • whether we collect and use the user’s personal information;
  • the categories of personal information that we collect;
  • the purposes for which the collected personal information is used;
  • whether we sell the user’s personal information to third parties;
  • the categories of personal information that we sold or disclosed for a business purpose;
  • the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
  • the business or commercial purpose for collecting or selling personal information.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights,

We will not discriminate against the user if the user exercises the user’s privacy rights.

Verification process

Upon receiving the user’s request, we will need to verify the user’s identity to determine whether the user is the same person about whom we have the information in our system. These verification efforts require us to ask the user to provide the information so that we can match it with the information the user has previously provided us. For instance, depending on the type of request the user submit, we may ask the user to provide certain information so that we can match the information the user provides with the information we already have on file, or we may contact the user through a communication method (e.g. phone or email) that the user have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in the user’s request to verify the user’s identity or authority to make the request. To the extent possible, we will avoid requesting additional information from the user for the purposes of verification. If, however, we cannot verify the user’s identity from the information already maintained by us, we may request that the user provide additional information for the purposes of verifying the user’s identity, and for security or fraud-prevention purposes. We will delete such additional information as soon as we finish verifying the user.

Other Privacy Rights

  • the user may object to the processing of the user’s personal data
  • the user may request correction of the user’s personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data
  • the user can designate an authorized agent to make a request under the CCPA on the user’s behalf. We may deny a request from an authorized agent who does not submit proof that they have been validly authorized to act on the user’s behalf in accordance with the CCPA.
  • the user may request to opt-out from future selling of the user’s personal information to third parties. Upon receiving a request to opt out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.

To exercise these rights, the user can contact us by email at, or by referring to the contact details at the bottom of this document. If the user has a complaint about how we handle the user’s data, we would like to hear from the user.


Yes, we will update this notice as necessary to stay compliant with relevant laws. We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify the user either by prominently posting a notice of such changes or by directly sending the user a notification. We encourage the user to review this privacy notice frequently to be informed of how we are protecting the user’s information.


If the user has questions or comments about this notice, the user may email us at or our concerned personnel: Anilkumar S Kalyane, Data Protection Officer (DPO)


Based on the applicable laws of the user’s country, the user may have the right to request access to the personal information we collect from the user, change that information, or delete it in some circumstances. To request to review, update, or delete the user’s personal information, please email us at