Terms of Service
Effective Date: 27 January 2020
- Using simple and easy-to-understand language;
- Providing a series of examples that help to illustrate how the policies may be implemented by us; and
- Defining and capitalizing a few terms that are used more than once for simplicity and brevity.
Table Of Contents
- General Information
- Personal Data Obtained Directly From You
- Personal Data Obtained From Third Parties
- The Purposes of Data
- Aggregated Data
- Retention Period
- How We Share And Disclose Data
- Age Limitations
- International Data Transfers, Privacy Shield, and Standard Contractual Clauses
- Your Rights
- Data Protection Officer
- Dispute Resolution
- Contacting Us
We collect and process personal and non-personal data when an individual user or organization (“you” and “your”) uses the services (the “Services”) provided by us through the online platform available at https://www.hellocrowd.net (the “Platform”).
The entity that is responsible for collection and processing of personal data through the Platform is HelloCrowd, Inc. having a registered place of business at 967 Hymettus Ave., Encinitas, CA92024, the United States of America (“we”, “us”, and “our”).
Our Role As Data Controller And Data Processor
When handling personal data, we may act both as a data controller and data processor. Our role depends on a specific situation. For example, we will act as a data controller when we ask you to submit your personal data that is necessary for your use of the Services (e.g., when you register a user account, make payments, or contact us directly).
We will act as a data processor in the situations when you conclude a service contract with us on the basis of the Customer Terms and become the Customer with respect to the data submitted in relation to the Services, including the Customer Data. For example, if you register on HIRE as an organization that is looking for employees, you can select what types of personal data should be collected from potential employees. In such a situation, you act as a data controller, whereas we act as a data processor. A copy of our Data Processing Addendum is available here.
Notwithstanding our role, we will comply with the applicable obligations and strive to ensure that all personal data collected and processed through the Platform is handled properly.
- “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
- “Data controller” means the entity that determines the purposes and means of the processing of personal data;
- “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
- “Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address);
- “Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.
We handle personal data in accordance with the applicable data protection laws, including, but not limited to, the EU General Data Protection Regulation (GDPR).
Term And Termination
In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:
Personal Data Obtained Directly From You
We collect and receive personal and non-personal data in a variety of ways and situations, which are described below (the mandatory personal data is marked with *). We comply with data minimization principles and we collect only a minimal amount of personal data that is necessary for ensuring your use of the Services.
Personal Data Collected Through The Platform
- When you sign up for Events, we collect your full name*, email address*, password*, and company name;
- When you set up an event, we collect any information you decide to provide us about the event (e.g., list of attendees, contact details, speakers, and sponsors);
- When you contact us by email, we collect your name*, email address*, and any information you decide to provide us in your message;
- When you update your billing information on Events, we collect your full name, billing address, and payment information;
- When you make a payment for the Services provided through Events, we collect your billing address*, VAT number*, and we may have access to your payment information.
We receive certain additional data when submitted to our Platform or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us.
Failure To Provide Personal Data
If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Platform, receive the Services, or get our response.
Personal Data Obtained From Third Parties
Third Party Services
When using the Platform, you can choose to permit or restrict services and functionalities provided by third parties (the “Third Party Services”). Typically, the Third Party Services are software that integrates with the Services, and you can enable and disable these integrations. Once enabled, the provider of the Third Party Services may share certain information with us. For example, if a cloud storage application is enabled to permit files to be imported to the Services, we may receive your user name and email address, along with additional information that the application has elected to make available to us to facilitate the integration.
You are strongly encouraged to check carefully the privacy settings and notices of the Third Party Services to understand what information may be disclosed to us. When the Third Party Services are enabled, we are authorized to connect and access information, including some personal data, made available to us in accordance with our agreement with the provider of the Third Party Services. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.
If you choose to import your contact information from your device (e.g., an address book from the device) and you provide your consent, we may access such information for the purpose of providing the Services.
We may receive certain information about organizations, industries, users of the Platform, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful (the “Third-Party Data”). The Third-Party Data may be combined with the Technical Data (as explained in the section “Technical Data”) that we collect and might include aggregate level data, such as which IP addresses correspond to ZIP codes or countries. The Third-Party Data may also be more specific: for example, how well an online marketing or email campaign performed.
If the functionalities of the Services allow, you may submit the Customer Data that includes messages, files, and other types of content generated by you. For example, if you use HIRE as the Customer, you may routinely submit the Customer Data to us when using the Services. We will have access to the Customer Data to the extent necessary for provision of the Services. We will not access, copy, disclose or use the Customer Data if it is not strictly necessary for provision of the Services requested by you.
When you use the Platform, we collect certain non-personal data, such as your usage data, Services metadata, log data, device and location information (collectively, the “Technical Data”). The Technical Data includes:
- Usage data. In order to improve the Services, we engage in research about our users. Thus, when you use the Services, we may collect certain technical non-personal data to understand how you use them. Such Technical Data data does not allow us to identify you in any manner.
- Services metadata. When you interact with the Services, metadata is generated that provides additional context about the way you work. For example, we log the workspaces, channels, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use the the Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
- Device information. We collect information about devices accessing the Services, including the type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of such device information often depends on the type of device used and its settings.
- Location information. We receive information from you that helps us approximate your location. We may, for example, use the billing address or an IP address received from your browser or device to determine approximate location. Please note that such approximation of your location does not allow us to locate or identify you in any manner. We may also collect location information from devices in accordance with the consent process provided by your device.
The Purposes Of Data
Purposes Of Personal Data Collected Through Events
|Personal data||Purpose||Legal basis|
|When you sign up:|
|When you set up an event:|
|When you contact us by email:|
|When you update your billing information:|
|When you make a payment for the Services:|
|When you use Events:|
We sometimes send emails about new product features, promotional communications or other news about us and the Services. These are marketing messages so you can control whether you receive them. Please note that we will not send you direct marketing messages, such as newsletters, brochures, promotions and advertisements, or contact you by any other means with the purpose to offer you the Services, unless:
- We receive your express (“opt-in”) consent to receive such marketing messages. You can opt-out from receiving such marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you; or
- We decide to send you marketing messages about our new Services that are closely related to the Services already used by you.
We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in the Platform, our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services, they will be sent on “if-needed” basis and you may not opt out of them.
Purposes Of Customer Data
The Customer Data will be used for the sole purpose of providing you with the requested Services. The legal basis for such use of the Customer Data is performing a contract with you. If you submit any Customer Data through the Platform as the Customer, the Customer Data will be used by us in accordance with your instructions, including any applicable terms in the Customer Agreement and your use of Services functionality, and as required by the applicable law. Please note that, if you are the Customer, we act as a processor of the Customer Data and you act as a data controller. You may, for example, if the functionalities of the Services allow, use the Services to grant and remove access to the Services, assign roles and configure settings, access, modify, export, share and remove the Customer Data and otherwise apply your policies to the Services.
Purposes Of Technical Data
We will use the Technical Data in furtherance of our legitimate interests in operating our Platform, providing the Services, conducting our business activities, and developing new products. The legal basis for such use of the Technical Data is pursuing our legitimate business interests. More specifically, we will use the Technical Data:
- To provide, update, maintain and protect the Platform, our Services, and business. This includes the use of the Technical Data to support delivery of the Services under the Customer Terms, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at your request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use the Technical Data to respond.
- To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible for you. For example, we may improve search functionality by using the Technical Data to help determine and rank the relevance of content, channels or expertise to you, make the suggestions for the Services based on historical use and predictive models, identify organizational trends and insights, to customize the experience of the Services or create new productivity features and products.
- To investigate and help prevent security issues and abuse.
If you act as the Customer and you submit any Customer Data, we will retain the Customer Data in accordance with your instructions, including any applicable terms in the Customer Terms and the use of the Services functionality, and as required by applicable law. The deletion of the Customer Data and other use of the Services by you may result in the deletion and/or de-identification of certain associated Technical Data. For more details, please review the Help Center or contact us.
Retention As Required By Law
Please note that, in some cases, we may be obliged by law to store your personal data for a certain period of time (e.g., for accountancy purposes). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
How We Share And Disclose Data
In some circumstances, we disclose your personal data to third party service providers (data processors) and other third parties. For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, data processing, advertising, email distribution, and developing services, or if you explicitly request us to disclose the personal data. This section describes in detail how we share and disclose personal and non-personal data to third parties.
Situations In Which We Share Data
We may share your personal and non-personal data in the following situations:
- Upon Customer’s instructions. We will solely share and disclose the Customer Data in accordance with Customer’s instructions, including any applicable terms in the Customer Terms and the use of Services functionality, and in compliance with applicable law and legal process. Please note that, if we act as a data processor, you (as a data controller) determine your own policies and practices for the sharing and disclosure of personal data, and we do not control how you or any other third parties choose to share or disclose personal data.
- Displaying the Services. When you submit your personal data, it may be displayed to other users in the same or connected Platform. For example, your email address may be displayed with your profile in the mobile applications related to the Platform. Please consult the Help Center for more information on the functionalities of the Services.
- Collaborating with others. The Platform provide different ways for you to collaborate and communicate with others. For example, you may share your profile information with other users of the Services, subject to the policies, practices, and functionalities of the Services.
- Access by authorizes persons. Owners, administrators, authorized users and your other representatives and personnel may be able to access, modify or restrict access to personal data. This may include, for example, your employer using the Services features of LEARN to export logs of your activities carried through the LEARN, or accessing or modifying your profile details.
- Third-party service providers and partners. We may engage third party companies or individuals as service providers or business partners to process personal data and support our business. These third parties may, for example, provide virtual computing and storage services.
- Third Party Services. You may enable Third Party Services. When enabled, we may share personal data with the providers of the Third Party Services. The Third Party Services are not owned or controlled by us and third parties that have been granted access to personal data may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
- Corporate Affiliates. We may share personal data with our corporate affiliates, parents and/or subsidiaries.
- During a change to our business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all personal data may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or de-identified data. We may disclose or use aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as telling our prospective customers the average amount of time spent using the Services.
- To Comply with laws. If we receive a request for information, we may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. Please see the Data Request Policy to understand how we respond to requests to disclose personal data from government agencies and other sources.
- To enforce our rights, prevent fraud, and for safety. We may use personal data to protect and defend our or third parties’ rights, property or safety, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With consent. We may share personal data with third parties when we have your consent to do so.
Third Parties With Whom We Share Data
- Our cloud service providers Amazon Web Services and Google;
- Our customer support service provider Intercom;
- Our transactional email service provider Mandrill
- Our data enhancement service provider Clearbit;
- Our payment service provider Stripe
We take the security of personal data very seriously. We work hard to protect the personal data you provide from loss, misuse, and unauthorized access or disclosure. We implement organizational and technical information security measures to protect personal data, such as anonymization, secured networks, encryption, and limited access to your personal data by our staff. These measures take into account the sensitivity of the personal data we collect, process and store, and the current state of technology. Should a data breach occur, we will handle such a breach in accordance with our internal information security policies and the requirements set by the applicable law.
We have received internationally recognized security certifications for ISO 27001 (information security management system) and ISO 27018 (for protecting personal data in the cloud). To learn more about current practices and policies regarding the security and confidentiality of the Services, please see our Security Practices available at [insert URL of Security Practices].
Given the nature of communications and information processing technology, we cannot guarantee that the personal data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
To the extent prohibited by applicable law, we do not allow anyone younger than 16 years old to use of the Services. Thus, we do not knowingly collect personal data of persons below the age of 16. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take immediate steps to delete such personal data.
International Data Transfers, Privacy Shield And Standard Contractual Clauses
- U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
- European Union Model Clauses. We offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our customers that operate in the European Union, and other international transfers of the Customer Data. A copy of our Data Processing Addendum, incorporating the Standard Contractual Clauses, is available here.
Our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework
Our commitment. We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
- You have an opportunity to choose (opt out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorised by you. You can do so by contacting us at firstname.lastname@example.org. Please note that, in certain situations (e.g., when a disclosure is made to a third party that is acting as an agent to perform task(s) on our behalf or under our instructions and we have entered into a contract with such party), it may not be possible to opt-out with our impairing the services provided by us.
- Accountability for onward transfer. When we act in the capacity of a data controller and transfer your personal data to a third party, we comply with the Principles of “notice” and “choice” described above. We also enter into a contract with the third-party contractor that ensures that such data may only be processed for limited and specified purposes consistent with the consent provided by a data subject and that the recipient will provide the same level of protection as the Principles and, if this obligation is no longer met, a notification will be provided to us. The contract shall also provide that, when such a determination is made, the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate. When we transfer personal data to a third party acting as an agent (our data processor), we will ensure that the agent: (i) shall use personal data only for limited and specified purposes; (ii) is obligated to provide at least the same level of protection as it is required by the Principles; (iii) takes reasonable and appropriate steps to ensure that it effectively processes the personal data transferred in a manner consistent with our obligations under the Principles; (iv) is required to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; and (v) upon our notice, including under (iv), takes reasonable and appropriate steps to stop and remediate unauthorised processing of personal data. We will also provide a summary or a representative copy of the relevant privacy provisions of the contract, upon request of a public authority.
- We take reasonable and appropriate measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. When ensuring such security, we take into due account the risks involved in the processing and the nature of the personal data. Our security measures are listed in the section “Security”.
- Data integrity and purpose limitation. We collect only minimal amount of personal data that is relevant for the purposes of processing. We do not process personal data in a way that is incompatible with the purposes for which such personal data was collected or subsequently authorised by an individual. Moreover, we put reasonable efforts to ensure that personal data is reliable for its intended use, accurate, complete, and current. We adhere to the Principles for as long as we retain personal data.
- You have the right to access the personal data that we hold about you. Moreover, you are able to correct, amend, or delete that data where it is inaccurate, or has been processed in violation of the Principles. Your rights are described in detail in section “Your Rights”. Please note that this right cannot be exercised if the burden or expense of providing access to your personal data would be disproportionate to the risks to your privacy or where the rights of persons other than you would be violated. You can exercise your rights by contacting us at email@example.com.
More information about Privacy Shield. For more information on the Privacy Shield Framework, please visit https://www.privacyshield.gov . You can easily check our Privacy Shield status by visiting the website of the US Department of Commerce available at https:// www.privacyshield.gov/list .
Individuals located in certain countries, including the EU, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may ask us to:
- Get a copy of your personal data that we store;
- Rectify inaccurate personal data;
- Move your personal data to another processor;
- Delete your personal data from our systems;
- Object and restrict processing of your personal data;
- Withdraw your consent; or
- Process your complaint regarding your personal data.
For example, you have an opportunity to choose (opt out) whether your personal data is (i) to be disclosed to a third party for purposes that are not relevant to your use of the Platform or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorised by you.
You can usually exercise your rights by using the settings and tools provided through the Platform. If you cannot use the settings and tools, please contact us by email at firstname.lastname@example.org and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.
Data Protection Officer
We have appointed a data protection officer (“DPO”) who is responsible for ensuring that your personal data is handled in a lawful manner. To communicate with our DPO, please email email@example.com .
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. If you are an individual based in the EU or Switzerland and you would like to launch a complaint about the way in which your personal data is handled by us, we kindly ask you to contact us or our DPO first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible but no later than 2 weeks. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority (DPA).
We have also committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. Please refer to the section “Our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework” for more information about such disputes.
We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles. For more information, please refer to section “Our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework” above.
|Email our DPO:||firstname.lastname@example.org|
|Phone:||+1 201 574 1903|
|Post address:||HelloCrowd, Inc
967 Hymettus Ave,
92024 United States