If you have any questions or comments concerning this policy, please feel free to contact us.
I.THE PERSONAL DATA WE COLLECT
Personal data means any information about an individual user from which that person can be identified. HIFAF will only collect personal data about you with your consent. The only information collected by us is what has been provided by you, collected by us, or provided to us lawfully by third parties including social media platforms such as Linkedin, Facebook, Instagram and Google.
The personal data we collect falls into the following categories:
Account Information includes first name, last name, username, password, and location. If you interact with us through social media, this may include your social media username.
Contact Information includes billing address, address, email address and mobile number.
Profile Information includes your username, your communication preferences, social media handles, as well as any additional profile data which has been added by you or us. We may make notes in Friendship History to help us provide the best service to you as possible, and in some of our tools, there are fields for your children’s names, birth month and year.
Financial Information includes payment details, although we use Stripe to process all transactions, and we never see your credit card details.
Transaction Information includes details about payments to and from you, and other details of the products/services purchased.
Your Content includes any information, material or content contributed by you directly to the Platform.
Communications includes any communications that you make with us (via email, phone or through the Platform, or otherwise) or communications you make with other users.
Technical Information includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
Usage Information includes information about how you use the Services.
Tracking Information includes information we or other parties collect about you from cookies and similar tracking technologies, such as web beacons, pixels and other identifiers.
Aggregated Information such as statistical or demographic data for any purpose. Aggregate Information may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
Marketing Information, which includes your preferences in receiving marketing from us.
We do not collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic biometric data). Nor do we collect any information about criminal convictions or offenses.
II.HOW WE COLLECT PERSONAL DATA
There are different methods in which we collect personal data from you.
Automated Technologies or Interactions. When you use the Services, we may automatically collect Technical and Transactional Information, Communications, and Your Content, that may, in certain circumstances, constitute personal data. We may also collect Tracking Information when you use our Services. Some of the ways in which we or the Platform may collect are as follows:
- Cookies and other technologies. We may place a “cookie” on the hard drive of the device that you use to access the Services. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes of automatically authenticating and logging you into the Services, saving your preferences and directing information to you.
- Web Beacon. A “Web beacon,” also sometimes called a pixel tag or transparent GIF, is an object that is embedded in a web page. It is usually invisible to you, but allows website operators to check whether you have viewed a particular web page or email communication. We may place web beacons on our website, and in the emails we send to you.
- Analytics Tools. By using cookies and web beacons, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the website, the Internet Protocol address, and the type of operating system used in the devices used access the Service. You can opt out of Google Analytics by using a browser plugin provided by Google (http://www.google.com/ads/preferences/plugin/).
- Clickstream Data. When you use the Services, a trail of electronic information is left at each website you visit. This information is referred to as “Clickstream Data”, and can be collected and stored by a website’s server. All clicks and pages that our users click are collected to determine how much much time a visitor spends on each page on the Platform, how users navigate the Platform and how we can tailor the Platform to meet the needs of our users. This information can be used to improve the Platform and our Services. Any collection or use of Clickstream Data will be anonymously aggregated, and will not intentionally contain any personal data.
- Location Data. The Platform, when given permission, will estimate the latitude and longitude coordinates of your IP address. We use this information to help us improve the relevance of search results.
Third Parties or Publicly Available Sources. We may also receive personal data about you from various third parties, including:
- Technical and/or Tracking Information from analytics providers, advertising networks and search information providers;
- Contact, Financial and Transaction Information from providers of payment and fraud prevention services;
- Account and Contact Information from data partners; and
- Data from third parties who are permitted by law or have your permission to share your personal data with us, such as via social media or review sites. We will only use your personal data when the law allow us to.
III. HOW WE USE YOUR PERSONAL DATA
We will never sell your personal data to third parties for their use or marketing purposes. HIFAF uses the personal data that we collect for the following purposes:
- To provide you with our Services.To provide you with the Services, communicate with you about your use of the Services, respond to inquiries, provide troubleshooting, and for customer service purposes.
- To Personalize the Services. To provide you with personalized content through the Services, to suggest partnerships between you and a brand and/or influencer, to personalize help and instructions, and to otherwise personalize your experience on the Services.
- Marketing and Promotional Use. For marketing and promotional purposes, such as to send you news and newsletters, special offers, and promotions, or to otherwise contact you about information we think may interest you.
- Analytics. To gather metrics to better understand how users access and use the Services, to evaluate and improve the Services, and to develop new product features.
- To Comply with Law. If required to do so by law, court order or other government or law enforcement authority or regulatory agency; or, if we believe in good faith that disclosing this information is necessary or advisable, including, for example, to protect the rights, property, or safety of HIFAF, you, users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
IV.DISCLOSURE OF PERSONAL DATA
We may share personal data with the following categories of third parties:
- Service providers (such as technology service providers, hosting providers, payment processing, auditors, advisors, consultants, customer service and support providers, and fraud prevention providers);
- Subsidiaries and affiliates of HIFAF;
- Business Transfers (such as in the case of any merger, sale, and transfer of assets, acquisition or restructuring of all or part of our business, bankruptcy or similar events);
- Legally required (to public authorities, such as law enforcement, if we are legally required to or if we need to protect our rights or the rights of third parties);
- Protection of rights (where we believe it is necessary to respond to claims asserted against us, or comply with legal process, enforce or administer our agreements and terms, fraud prevention, risk assessment, investigation, and protect the rights, property and safety of our users).
We may also share data with third parties connected to advertising, retargeting and analytics (see Cookies Policy below for more information).
We require all third parties to respect the security of your personal data and to treat it in accordance with law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specific purposes in accordance with our instructions.
Cookies may be placed on your computer or device, which will allow us and other trusted partners (see below) to receive information stored in cookies when you visit the Platform and use the Services.
Different types of cookies are used when using the Services. These include:
- Authentication. When signing into the Services, cookies help us recognize you.
- Research, Analytics and Fraud Prevention. Cookies may be used to understand how our users use the Services so we can improve them.
- Feature and Services. Cookies can be used to personalize the features on the Services based on your preference and history.
- Advertising. We may install tracking from advertising networks such as LinkedIn, Facebook, Instagram, and Google in our Services. The data collected by these networks allows us to target ads to our users and measure their performance.
- Google Analytics
- Linkedin Ads
- Facebook Ads
You can remove or block certain cookies using the settings in your browser. If you choose to remove or block certain cookies, you may still use our Services however your access to some functionality and areas may be restricted.
HIFAF uses third party payment processor Stripe.com to process transactions made via the Services. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information is encrypted before being communicated to them. Your credit card details are communicated directly from your browser to these payment processors. HIFAF never sees your payment information. This means the payment form is either off-site or displayed in a frame on the payment page.
VII. INTERNATIONAL TRANSFER OF PERSONAL DATA
VIII. HOW WE STORE INFORMATION
The security of personal data is important to us. HIFAF will take reasonable steps to protect all personal data, and to keep this information accurate, up to date, complete and relevant.
Our standard procedures call for us to retain information submitted by users for an indefinite length of time. HIFAF understands your submissions as consent to store all your information in one place for this indefinite length of time, if we so wish. If required by law, as is the case to comply with the Children’s Online Privacy Protection Act (COPPA), we will nullify user information by erasing it from our database. We will also respond to written user requests to nullify account information.
Your profile is password-protected so that only you have access to your account information. If you have registered for a Platform account using the single-sign on or account synchronization applications of Facebook, Twitter, or other social network services, then your login and password shall be the same as your social network login and password. In order to maintain this protection, do not give your password to anyone. HIFAF staff will never proactively reach out to you and ask for any personal account information, including your password. For our web application, you should sign out of Your account and the browser window before someone else obtains access. You should never share devices. This will help protect your information entered on public terminals from disclosure to third parties.
Unfortunately, no data transmission can be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit, and you do so at your own risk. If HIFAF expressly disclaims any liability that may arise should any other individuals obtain the information you submit.
IX. CHOICES YOU HAVE
You may check your information to verify, update or correct it, and to have any obsolete information removed. If you created an account on the Platform, you can access and change your online account profile yourself. You can also review any of the information that we have retained, how we have used it, and to whom we have disclosed it at any time by contacting us as indicated in the Contact Us section below. Subject to certain exceptions prescribed by law, and provided we can authenticate your identity, you will be given reasonable access to your personal information, and will be entitled to challenge the accuracy and completeness of the information and to have it amended as appropriate. You may also ask us to change your preferences regarding how we use or disclose your information, or let us know that you do not wish to receive any further communication from us.
X.OUR POLICY ON CHILDREN’S INFORMATION
The collection of personal data is neither intended for, nor direct to, persons who are under the age of thirteen (13) years old. Personal data will not be collected by any person who is known by HIFAF to be under the age of thirteen (13) without the consent of a parent or legal guardian. Persons under age thirteen (13) may only use the Services with the involvement and consent of a parent or legal guardian.
XI. LINKS TO OTHER WEBSITES
The Platform may contain links to third party sites or online services. We are not responsible for the practices of such third parties, whose information practices are subject to their own policies and procedures.
XII. CALIFORNIA PRIVACY
This Section applies to California residents. Under California Law, California residents have the right to request in writing from a business where a business relationship exists:
- A list of categories of personally identifiable information, such as name, email address and mailing address and the type of service provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the preceding calendar year for the third parties’ direct marketing purposes; and
- The names and addresses of all such third parties.
To request the above information or opt out of the use of your personally identifiable information, please contact us.
XIII. CHANGES TO THIS POLICY
XIV. QUESTIONS OR CONCERNS
Whether you live in or outside the United States, Heard It From A Friend, LLC, is the data controller and is responsible for your personal data. You can contact our data controller at firstname.lastname@example.org.
XV. RIGHTS OF EUROPEAN UNION DATA SUBJECTS
Heard It From A Friend, LLC generally acts as the data controller of the information you submit through the Platform. HIFAF complies with the European Union General Data Protection Regulation (“GDPR”), which comes into effect May 25, 2018. The GDPR deals with the processing of personal data.
You have no obligation to provide us with personal data. However, if you do not provide us with personal data, you withdraw your consent, or you request restriction over or otherwise object to our processing of your personal data, we may not be able to provide you with access to, or the functionality of the Services and The Platform.
Legal Bases of Processing
Below are the lawful basis that we rely on to process your personal data:
- Consent. HIFAF processes your personal data on the legal basis of consent, which you grant when you sign up for our Services.
- Legitimate Interest. HIFAF processes personal data in order to conduct and manage our business and to enable us to give you the best service/product with the best and most secure experience.
- Comply with Legal or Regulatory Obligations. HIFAF may process your personal data to comply with legal or regulatory obligations that we are subject to.
Purposes for processing of personal data
Recipients or categories of recipients of personal data
The recipients of the personal data are HIFAF and the entities as set forth in Section IV.
HIFAF is headquartered in the United States. As such, the recipients of your personal data may be located in countries in which the privacy or data protection laws differ from those of the European Union, and which are not subject of any adequacy decision by the European Commission. By using the Platform, you freely and specifically give us your consent to export and use your information within the United States. You understand that the data stored in the United States is subject to lawful requests by the courts or law enforcement authorities in the United States. If you are in the EU, whenever we transfer personal data to processors out of the EU, we take appropriate safeguards to protect your personal data. We may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU.
Withdrawing consent, or objecting or restricting to processing of personal data
You may withdraw your consent at any time for the processing of personal data, or otherwise request that we restrict our processing of your personal data.
How long we keep your personal data
HIFAF will store your personal data for as long as you subscribe to our Services and for a period of time afterwards based on our document retention obligations imposed by law, to comply with audit and financial obligations, and in relation to personal information contained in material which you have licensed or assigned to us for a period of time required to enforce or establish our rights in that material.
Your rights under the GDPR
You have a number of rights under the GDPR. These include the right to:
- Request access to your personal data from us;
- Request that we correct or erase your personal data:
- Withdraw your consent for us to use your personal data;
- In some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal information;
- Receive your personal data held by us, in a commonly used electronic format, or to have us transfer such personal information to another service provider of your choosing;
- Lodge a complaint in relation to our processing of your personal information with a data protection supervisory authority under the GDPR; and
- Be informed generally about the collection and use of your personal information, including where we intend to further process your personal information for additional purposes other than as discussed above.
Effective October 4, 2018