We respect your right to privacy and we comply with the highest data protection standards. This privacy policy (the “Privacy Policy”) describes in detail how we collect, use and disclose your personal data, and what choices you have with respect to your personal data. Please read this Privacy Policy carefully. If, after reading the Privacy Policy, you still have any questions, please contact us so that we can address your concerns.

We have worked to make the Privacy Policy clearer and more understandable by:

• Using simple and easy-to-understand language;
• Organizing the Privacy Policy into the sections listed in the Table of Contents below;
• Providing a series of examples that help to illustrate how the policies may be implemented by us; and
• Defining and capitalizing a few terms that are used more than once for simplicity and brevity. 

Table Of Contents

• General Information
• Personal Data Obtained Directly From You
• Personal Data Obtained From Third Parties
• The Purposes of Data
• Aggregated Data
• Retention Period
• How We Share And Disclose Data
• Security
• Age Limitations
• International Data Transfers, Privacy Shield, and Standard Contractual Clauses
• Your Rights
• Data Protection Officer
• Dispute Resolution
• Cookies
• Changes To the Privacy Policy
• Contacting Us

General Information

Applicability Of The Privacy Policy

We collect and process personal and non-personal data when an individual user or organization (“you” and “your”) uses the services (the “Services”) provided by us through the online platform available at https://www.hellocrowd.net (the “Platform”).

This Privacy Policy does not apply to any third-party applications or software that integrate with the Services through the Platform (the “Third Party Services”), or any other third party products, services or businesses. In addition, a separate customer agreement (the “Customer Terms”) governs the delivery, access and use of the Services intended to our customers with whom we conclude contracts on the basis of the Customer Terms (the “Customers”), including the processing of any messages, files or other content submitted through such Services (the “Customer Data”). If you are the Customer and your use of the Services is subject to the Customer Terms, you remain the sole controller of the Customer Data.

Responsible Entity

The entity that is responsible for collection and processing of personal data through the Platform is HelloCrowd, Inc. having a registered place of business at 967 Hymettus Ave., Encinitas, CA92024, the United States of America (“we”, “us”, and “our”).

Our Role As Data Controller And Data Processor

When handling personal data, we may act both as a data controller and data processor. Our role depends on a specific situation. For example, we will act as a data controller when we ask you to submit your personal data that is necessary for your use of the Services (e.g., when you register a user account, make payments, or contact us directly).

We will act as a data processor in the situations when you conclude a service contract with us on the basis of the Customer Terms and become the Customer with respect to the data submitted in relation to the Services, including the Customer Data. For example, if you register on HIRE as an organization that is looking for employees, you can select what types of personal data should be collected from potential employees. In such a situation, you act as a data controller, whereas we act as a data processor. A copy of our Data Processing Addendum is available here.

Notwithstanding our role, we will comply with the applicable obligations and strive to ensure that all personal data collected and processed through the Platform is handled properly. 

Definitions

In this Privacy Policy, you will encounter recurrent terms. We would like to explain you what such terms mean:

• “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
• “Data controller” means the entity that determines the purposes and means of the processing of personal data;
• “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
• “Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address);
• “Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data. 

Applicable Laws

We handle personal data in accordance with the applicable data protection laws, including, but not limited to, the EU General Data Protection Regulation (GDPR).

Term And Termination

This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us. 

Your Consent To The Privacy Policy

Your use of the Platform is subject to this Privacy Policy. Before you start using the Services, we will ask you to review this Privacy Policy. PLEASE MAKE SURE THAT YOU HAVE ACTUALLY READ THE PRIVACY POLICY, YOU FULLY UNDERSTAND IT, AND YOU AGREE TO THE PROCESSING OF YOUR PERSONAL DATA THROUGH THE PLATFORM.

In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:

• If we intend to collect other types of personal data that are not mentioned in this Privacy Policy;
• If we intend to use your personal data for the purposes that are not indicated in this Privacy Policy;
• If we would like to disclose or transfer your personal data to third parties that are not indicated in this Privacy Policy; or
• If we significantly amend this Privacy Policy. 

Personal Data Obtained Directly From You 

We collect and receive personal and non-personal data in a variety of ways and situations, which are described below (the mandatory personal data is marked with *). We comply with data minimization principles and we collect only a minimal amount of personal data that is necessary for ensuring your use of the Services. 

Personal Data Collected Through The Platform

• When you sign up for Events, we collect your full name*, email address*, password*, and company name;
• When you set up an event, we collect any information you decide to provide us about the event (e.g., list of attendees, contact details, speakers, and sponsors);
• When you contact us by email, we collect your name*, email address*, and any information you decide to provide us in your message;
• When you update your billing information on Events, we collect your full name, billing address, and payment information;
• When you make a payment for the Services provided through Events, we collect your billing address*, VAT number*, and we may have access to your payment information. 

Additional Data

We receive certain additional data when submitted to our Platform or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us.

Failure To Provide Personal Data

If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Platform, receive the Services, or get our response.

Personal Data Obtained From Third Parties

Third Party Services

When using the Platform, you can choose to permit or restrict services and functionalities provided by third parties (the “Third Party Services”). Typically, the Third Party Services are software that integrates with the Services, and you can enable and disable these integrations. Once enabled, the provider of the Third Party Services may share certain information with us. For example, if a cloud storage application is enabled to permit files to be imported to the Services, we may receive your user name and email address, along with additional information that the application has elected to make available to us to facilitate the integration.

You are strongly encouraged to check carefully the privacy settings and notices of the Third Party Services to understand what information may be disclosed to us. When the Third Party Services are enabled, we are authorized to connect and access information, including some personal data, made available to us in accordance with our agreement with the provider of the Third Party Services. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.

Contact Information

If you choose to import your contact information from your device (e.g., an address book from the device) and you provide your consent, we may access such information for the purpose of providing the Services.

Third-Party Data

We may receive certain information about organizations, industries, users of the Platform, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful (the “Third-Party Data”). The Third-Party Data may be combined with the Technical Data (as explained in the section “Technical Data”) that we collect and might include aggregate level data, such as which IP addresses correspond to ZIP codes or countries. The Third-Party Data may also be more specific: for example, how well an online marketing or email campaign performed.

Customer Data

If the functionalities of the Services allow, you may submit the Customer Data that includes messages, files, and other types of content generated by you. For example, if you use HIRE as the Customer, you may routinely submit the Customer Data to us when using the Services. We will have access to the Customer Data to the extent necessary for provision of the Services. We will not access, copy, disclose or use the Customer Data if it is not strictly necessary for provision of the Services requested by you. 

Technical Data

When you use the Platform, we collect certain non-personal data, such as your usage data, Services metadata, log data, device and location information (collectively, the “Technical Data”). The Technical Data includes:

• Usage data. In order to improve the Services, we engage in research about our users. Thus, when you use the Services, we may collect certain technical non-personal data to understand how you use them. Such Technical Data data does not allow us to identify you in any manner.
• Services metadata. When you interact with the Services, metadata is generated that provides additional context about the way you work. For example, we log the workspaces, channels, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).
• Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use the the Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
• Device information. We collect information about devices accessing the Services, including the type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of such device information often depends on the type of device used and its settings.
• Location information. We receive information from you that helps us approximate your location. We may, for example, use the billing address or an IP address received from your browser or device to determine approximate location. Please note that such approximation of your location does not allow us to locate or identify you in any manner. We may also collect location information from devices in accordance with the consent process provided by your device.

The Purposes Of Data

We respect strictest data protection principles. Thus, we collect and process your personal and non-personal data only for specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we will use personal data only for the purposes of providing the Services, maintaining the Platform, conducting research about our business activities, administrative purposes, and replying to your enquiries. The detailed description of the purposes and legal basis for processing of your personal data for each type of data collected by us is provided below (the mandatory personal data is marked with *).

Purposes Of Personal Data Collected Through Events

Personal data	Purpose	Legal basis
When you sign up:
full name* email address* password* company name	To maintain your user account To enable you to use the full functionality of Events To provide you with the requested Services To contact you, if necessary	Performing a contract with you Your consent (for optional personal data)
When you set up an event:
Any information you decide to provide us about the event (e.g., list of attendees, contact details, speakers, and sponsors)	To provide you with the requested Services	Performing a contract with you
When you contact us by email:
name* email address* any information you decide to provide us in your message	To respond to your enquiries To provide you with the requested information	Pursuing our legitimate business interests (to grow and promote our business) Your consent (for optional personal data)
When you update your billing information:
full name billing address payment information	To facilitate your payments for the Services	Your consent
When you make a payment for the Services:
billing address* VAT number* payment information	To process your payments for the Services To maintain our administration	Performing a contract with you Pursuing our legitimate business interests (to administer our business)
When you use Events:
IP address	To conduct research on our users' demographics, interests, and behaviors To analyze and improve our business activities	Pursuing our legitimate business interests (to analyze, grow and promote our business)

Marketing Communication

We sometimes send emails about new product features, promotional communications or other news about us and the Services. These are marketing messages so you can control whether you receive them. Please note that we will not send you direct marketing messages, such as newsletters, brochures, promotions and advertisements, or contact you by any other means with the purpose to offer you the Services, unless:

• We receive your express (“opt-in”) consent to receive such marketing messages. You can opt-out from receiving such marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you; or
• We decide to send you marketing messages about our new Services that are closely related to the Services already used by you.

Informational Notices

We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in the Platform, our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services, they will be sent on “if-needed” basis and you may not opt out of them.

Purposes Of Customer Data

The Customer Data will be used for the sole purpose of providing you with the requested Services. The legal basis for such use of the Customer Data is performing a contract with you. If you submit any Customer Data through the Platform as the Customer, the Customer Data will be used by us in accordance with your instructions, including any applicable terms in the Customer Agreement and your use of Services functionality, and as required by the applicable law. Please note that, if you are the Customer, we act as a processor of the Customer Data and you act as a data controller. You may, for example, if the functionalities of the Services allow, use the Services to grant and remove access to the Services, assign roles and configure settings, access, modify, export, share and remove the Customer Data and otherwise apply your policies to the Services. 

Purposes Of Technical Data

We will use the Technical Data in furtherance of our legitimate interests in operating our Platform, providing the Services, conducting our business activities, and developing new products. The legal basis for such use of the Technical Data is pursuing our legitimate business interests. More specifically, we will use the Technical Data:

• To provide, update, maintain and protect the Platform, our Services, and business. This includes the use of the Technical Data to support delivery of the Services under the Customer Terms, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at your request.
• As required by applicable law, legal process or regulation.
• To communicate with you by responding to your requests, comments and questions. If you contact us, we may use the Technical Data to respond.
• To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible for you. For example, we may improve search functionality by using the Technical Data to help determine and rank the relevance of content, channels or expertise to you, make the suggestions for the Services based on historical use and predictive models, identify organizational trends and insights, to customize the experience of the Services or create new productivity features and products.
• To investigate and help prevent security issues and abuse.

Aggregated Data

If your personal data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose. To the extent personal data is associated with an identified or identifiable natural person and is protected as personal data under the applicable data protection law, it is referred to in this Privacy Policy as “personal data.” In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will treat such aggregated data as personal data.

Retention Period

Personal Data

We will store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy, you request us to delete your personal data, or until your user account is deleted – whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it (e.g., we are not obliged by law to store your personal data), we will immediately delete your personal data from our systems.

Customer Data

If you act as the Customer and you submit any Customer Data, we will retain the Customer Data in accordance with your instructions, including any applicable terms in the Customer Terms and the use of the Services functionality, and as required by applicable law. The deletion of the Customer Data and other use of the Services by you may result in the deletion and/or de-identification of certain associated Technical Data. For more details, please review the Help Center or contact us.

Technical Data

We may retain the Technical Data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Technical Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Retention As Required By Law

Please note that, in some cases, we may be obliged by law to store your personal data for a certain period of time (e.g., for accountancy purposes). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

How We Share And Disclose Data

In some circumstances, we disclose your personal data to third party service providers (data processors) and other third parties. For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, data processing, advertising, email distribution, and developing services, or if you explicitly request us to disclose the personal data. This section describes in detail how we share and disclose personal and non-personal data to third parties. 

Situations In Which We Share Data

We may share your personal and non-personal data in the following situations:

• Upon Customer’s instructions. We will solely share and disclose the Customer Data in accordance with Customer’s instructions, including any applicable terms in the Customer Terms and the use of Services functionality, and in compliance with applicable law and legal process. Please note that, if we act as a data processor, you (as a data controller) determine your own policies and practices for the sharing and disclosure of personal data, and we do not control how you or any other third parties choose to share or disclose personal data.
• Displaying the Services. When you submit your personal data, it may be displayed to other users in the same or connected Platform. For example, your email address may be displayed with your profile in the mobile applications related to the Platform. Please consult the Help Center for more information on the functionalities of the Services.
• Collaborating with others. The Platform provide different ways for you to collaborate and communicate with others. For example, you may share your profile information with other users of the Services, subject to the policies, practices, and functionalities of the Services.
• Access by authorizes persons. Owners, administrators, authorized users and your other representatives and personnel may be able to access, modify or restrict access to personal data. This may include, for example, your employer using the Services features of LEARN to export logs of your activities carried through the LEARN, or accessing or modifying your profile details.
• Third-party service providers and partners. We may engage third party companies or individuals as service providers or business partners to process personal data and support our business. These third parties may, for example, provide virtual computing and storage services. 
• Third Party Services. You may enable Third Party Services. When enabled, we may share personal data with the providers of the Third Party Services. The Third Party Services are not owned or controlled by us and third parties that have been granted access to personal data may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
• Corporate Affiliates. We may share personal data with our corporate affiliates, parents and/or subsidiaries.
• During a change to our business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all personal data may be shared or transferred, subject to standard confidentiality arrangements.
• Aggregated or de-identified data. We may disclose or use aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as telling our prospective customers the average amount of time spent using the Services.
• To Comply with laws. If we receive a request for information, we may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. Please see the Data Request Policy to understand how we respond to requests to disclose personal data from government agencies and other sources. 
• To enforce our rights, prevent fraud, and for safety. We may use personal data to protect and defend our or third parties’ rights, property or safety, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues. 
• With consent. We may share personal data with third parties when we have your consent to do so. 

Third Parties With Whom We Share Data

We will share your personal data only with the third parties that agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The third parties that may have access to your personal data include, but are not limited, to:

• Our cloud service providers Amazon Web Services and Google;
• Our customer support service provider Intercom;
• Our transactional email service provider Mandrill
• Our data enhancement service provider Clearbit;
• Our payment service provider Stripe

 

Security

We take the security of personal data very seriously. We work hard to protect the personal data you provide from loss, misuse, and unauthorized access or disclosure. We implement organizational and technical information security measures to protect personal data, such as anonymization, secured networks, encryption, and limited access to your personal data by our staff. These measures take into account the sensitivity of the personal data we collect, process and store, and the current state of technology. Should a data breach occur, we will handle such a breach in accordance with our internal information security policies and the requirements set by the applicable law.

We have received internationally recognized security certifications for ISO 27001 (information security management system) and ISO 27018 (for protecting personal data in the cloud). To learn more about current practices and policies regarding the security and confidentiality of the Services, please see our Security Practices available at [insert URL of Security Practices].

Given the nature of communications and information processing technology, we cannot guarantee that the personal data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others. 

Age Limitations

To the extent prohibited by applicable law, we do not allow anyone younger than 16 years old to use of the Services. Thus, we do not knowingly collect personal data of persons below the age of 16. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take immediate steps to delete such personal data.

International Data Transfers, Privacy Shield And Standard Contractual Clauses

We may transfer your personal data to countries other than the one in which you live. For example, if you are a resident of the European Economic Area (EEA), we may transfer your personal data outside the EEA because we and some of the third parties listed in this Privacy Policy are located outside the EEA. We deploy the following safeguards if we transfer personal data originating from the European Union or Switzerland to other countries not deemed by the European Commission to provide an adequate level of personal data protection:

• U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
• European Union Model Clauses. We offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our customers that operate in the European Union, and other international transfers of the Customer Data. A copy of our Data Processing Addendum, incorporating the Standard Contractual Clauses, is available here.

 

Our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework

Our commitment. We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

Privacy Shield Principles. We adhere to the Privacy Shield Principles (the “Principles”). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. We comply with the following Principles:

1. In this Privacy Policy, we notify individuals whose personal data is obtained from the EU or Switzerland about our data protection practices, including (i) the types of personal data that we collect, (ii) the purposes for which we collect and use personal data, (iii) the types of third parties to which we disclose personal data and the purposes for which we do so, (iv) an opportunity to access personal data, (v) the choices and means that we offer for limiting our use and disclosure of personal data, (vi) how our obligations under the Privacy Shield are enforced, and (vii) how you can contact us with any inquiries or complaints.
2. You have an opportunity to choose (opt out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorised by you. You can do so by contacting us at dpo@hellocrowd.net. Please note that, in certain situations (e.g., when a disclosure is made to a third party that is acting as an agent to perform task(s) on our behalf or under our instructions and we have entered into a contract with such party), it may not be possible to opt-out with our impairing the services provided by us.
3. Accountability for onward transfer. When we act in the capacity of a data controller and transfer your personal data to a third party, we comply with the Principles of “notice” and “choice” described above. We also enter into a contract with the third-party contractor that ensures that such data may only be processed for limited and specified purposes consistent with the consent provided by a data subject and that the recipient will provide the same level of protection as the Principles and, if this obligation is no longer met, a notification will be provided to us. The contract shall also provide that, when such a determination is made, the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate. When we transfer personal data to a third party acting as an agent (our data processor), we will ensure that the agent: (i) shall use personal data only for limited and specified purposes; (ii) is obligated to provide at least the same level of protection as it is required by the Principles; (iii) takes reasonable and appropriate steps to ensure that it effectively processes the personal data transferred in a manner consistent with our obligations under the Principles; (iv) is required to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; and (v) upon our notice, including under (iv), takes reasonable and appropriate steps to stop and remediate unauthorised processing of personal data. We will also provide a summary or a representative copy of the relevant privacy provisions of the contract, upon request of a public authority.
4. We take reasonable and appropriate measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. When ensuring such security, we take into due account the risks involved in the processing and the nature of the personal data. Our security measures are listed in the section “Security”.
5. Data integrity and purpose limitation. We collect only minimal amount of personal data that is relevant for the purposes of processing. We do not process personal data in a way that is incompatible with the purposes for which such personal data was collected or subsequently authorised by an individual. Moreover, we put reasonable efforts to ensure that personal data is reliable for its intended use, accurate, complete, and current. We adhere to the Principles for as long as we retain personal data.
6. You have the right to access the personal data that we hold about you. Moreover, you are able to correct, amend, or delete that data where it is inaccurate, or has been processed in violation of the Principles. Your rights are described in detail in section “Your Rights”. Please note that this right cannot be exercised if the burden or expense of providing access to your personal data would be disproportionate to the risks to your privacy or where the rights of persons other than you would be violated. You can exercise your rights by contacting us at dpo@hellocrowd.net.
7. Recourse, enforcement, and liability. The government agency in the US that is responsible for investigation and enforcement of our obligations under the Privacy Shield Framework is the US Federal Trade Commission (https://www.ftc.gov). In compliance with the Principles, we commit to resolve any complaints that we receive about our data protection practices. If you have any inquiries or complaints regarding this Privacy Policy or the Principles, you should first contact us at dpo@hellocrowd.net and explain your concern. We will respond to your claim without undue delay (no later than 2 weeks). We also provide access to an independent recourse mechanism (IRM) to investigate complaints about non-compliance with the Principles at no cost to you. We have chosen to utilize the EU data protection authorities (DPAs) and paid an annual fee in order to cover the operating costs of the EU DPA panel. If you are not satisfied with how we handle your claim, you can contact the DPA of the country where you reside for more information and an opportunity to file a complaint. Under certain conditions detailed in the Privacy Shield, you may be able to invoke binding arbitration to determine whether we have violated our obligations under the Principles as to you and whether any such violation remains fully or partially unremedied. We have paid a contribution to cover the arbitral costs, including arbitrator fees, up to maximum amounts. The International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA) was selected to administer these arbitrations. We will respond expeditiously to complaints regarding our compliance with the Principles referred to us by any public authority. We further agree to periodically review and verify our compliance with the Principles and remedy any issues arising out of our failure to comply with the Principles. We acknowledge that our failure to provide an annual self-certification to the US Department of Commerce will remove us from the Department’s list of Privacy Shield participants. In the context of an onward transfer, we are responsible for the processing of personal data that we transfer to a data processor. We remain liable under the Principles if our data processors processes personal dat in a manner inconsistent with the Principles, unless can prove otherwise.

More information about Privacy Shield. For more information on the Privacy Shield Framework, please visit https://www.privacyshield.gov . You can easily check our Privacy Shield status by visiting the website of the US Department of Commerce available at https:// www.privacyshield.gov/list .

Your Rights

 Individuals located in certain countries, including the EU, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may ask us to:

• Get a copy of your personal data that we store;
• Rectify inaccurate personal data;
• Move your personal data to another processor;
• Delete your personal data from our systems;
• Object and restrict processing of your personal data;
• Withdraw your consent; or
• Process your complaint regarding your personal data.

For example, you have an opportunity to choose (opt out) whether your personal data is (i) to be disclosed to a third party for purposes that are not relevant to your use of the Platform or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorised by you.
You can usually exercise your rights by using the settings and tools provided through the Platform. If you cannot use the settings and tools, please contact us by email at dpo@hellocrowd.net and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.

Data Protection Officer

We have appointed a data protection officer (“DPO”) who is responsible for ensuring that your personal data is handled in a lawful manner. To communicate with our DPO, please email dpo@hellocrowd.net .

Dispute Resolution

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. If you are an individual based in the EU or Switzerland and you would like to launch a complaint about the way in which your personal data is handled by us, we kindly ask you to contact us or our DPO first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible but no later than 2 weeks. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority (DPA).

We have also committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. Please refer to the section “Our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework” for more information about such disputes.

We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles. For more information, please refer to section “Our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework” above.

Cookies

We use cookies and similar technologies on our Platform. The Platform may also include cookies and similar tracking technologies of third parties, which may collect information about you via the Services and across other websites and online services. For more details about how we use these technologies, please see our Cookie Policy available here.

Changes To The Privacy Policy

We may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, we will provide additional notice via email or through the Services and, if necessary, seek to obtain your consent to the amended Privacy Policy. If you disagree with the changes to the Privacy Policy, you should cease using the Services.

Contacting Us

Please feel free to contact us if you have any questions about the Privacy Policy or our privacy and security practices. You may contact us by using the following contact details:

Email:	support@hellocrowd.net
Email our DPO:	dpo@hellocrowd.net
Phone:	+1 201 574 1903
Post address:	HelloCrowd, Inc 967 Hymettus Ave,  Encinitas, CA, 92024 United States