This Policy informs you about what information (“Personal Data” or “Personal Information”) we may collect directly or indirectly from you and that we create, store, transfer, share or delete (“Use” or “ Process”), the measures we use to protect your data and how you can exercise your rights.
If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
The Policy does not apply to information collected by any third party, including through any third-party application or content (including advertising) that links to or is accessible from our applications or websites.
Hubilo Technologies Inc, and its corporate affiliates ( “Hubilo” or “ We”, “Us”, “our”) are committed to protecting your privacy and safeguarding your Personal Data through our compliance with this Policy . We implement various data protection regulations and best practices prevalent in the industry and for protecting Your information and ensuring that You can access and control them at any time. This Policy provides detailed information on how Hubilo collects information, together with the privacy and security practices it implements on the Platform.
If the Use of Your information changes, We will provide You with more information when we are in contact with You, for example, through the website, by email or in ur information materials on our Platform. Where necessary, We would do that by updating our Policy so that You can check it when You visit the Platform at https://Hubilo.com/.
Hubilo has built the world’s most comprehensive and intuitive Platform for virtual and hybrid event hosting, wherein the Customer (defined hereunder) of an event can licence Hubilo’s application and can connect with the Attendee (defined hereunder) through our Hubilo application (“Services”) .
If Hubilo is collecting information directly from you, then Hubilo will act as the Data Controller (defined hereunder). If Hubilo is receiving information from its Customer, Hubilo will act as a Data Processor (defined hereunder) and shall process data as per the instructions received by the Data Controller. If you have any questions related to handling of Your Personal Data by Hubilo or to exercise Your rights to privacy You can contact us at email@example.com.
We collect information about You when You provide it to Us, when You Use our Services or Platform, and when other sources provide it to Us. When connecting and/or navigating on our Platform, We will collect information about You which will help Us in providing better Services as part of Hubilo business functioning. As a Data Controller, Hubilo collects such data from You for various reasons, such as, product demonstrations, marketing purposes or for job vacancies/ career applications or for other purpose(s) when You provide Your explicit consent for such purpose(s).
Below, is a list of general categories of Personal Information we collect from You :
General categories of Personal Information
Other Transactional/ Payment details collected that are not Personal Data : When using our Services, You may provide Your company bank account details ( such as, Account Number, IFSC, UPI ID, Swift Code) these details will only be used if You want to provide offline payment methods, other than those provided to You by Hubilo, to the Event Attendees. Kindly note that these details pertain to Customer’s company transaction/ payment details and not individual event organiser and are not Personal Data under the Applicable Data Protection Laws.
The Customer may collect the following Personal Data of Attendees:
Types of Personal Data that is collected by the Hubilo Customers
As the purpose for collection of the Personal Data, when Customer is the Data Controller, is defined by the Customer, Hubilo merely processes the data, it does not control the data or define the purpose of its collection, thus Hubilo merely acts on the instructions of the Customer for collection of such Personal Data.
When connecting to our Platform and using our Services, We will collect Personal Information about You, for the following purposes:
Purpose(s) for which We Use Your Personal Data
We may have to identify you when you interact with us to respond to your queries and to deal with any inquiries that you may have in the context of a pre-contractual or contractual relationship with us.
This includes obtaining Personal Information before, during and after We enter into a contract with You, Your organization and Your staff.
We will only Use aggregate information for this purpose.
In addition to the above-mentioned purposes, We are also collecting Personal Information to provide You with a secure, smooth, efficient, and customized experience on the Platform. We process Your Personal Information and non-Personal Information to create, develop, operate, deliver, and improve the Platform and the Services. We will not collect any additional categories of Personal Information or Use the Personal Information collected by Us for materially different, unrelated, or incompatible purposes without seeking Your express consent.
This is a global Policy and shall apply wherever You reside. In this section, We describe our legal justifications (commonly referred to as “legal basis”) for the Use of Your Personal Information related to each of our main processing activities.
Please note: depending on the country where You reside, the law of Your country may not require that We use a specific legal basis to justify Using Your Personal Information, including transfers of Your Personal Information outside Your country of residence (Example : GDPR). If Your jurisdiction requires consent to Process Your Personal Information when You interact with Us, We will obtain Your consent prior to the Use of such Personal Information.
Below, We explain to You the Hubilo's legal basis when processing Your Personal Information.
Legal basis - processing activities and purposes for Use of Personal Information
Hubilo will retain Your Personal Data only for as long as is necessary for the purposes set out in this Policy.
For users who have provided their Personal Data to Hubilo on our Platform, We will keep Personal Data We collect about You for as long as necessary for providing the Services via our Platform and to comply with any legal obligations (e.g.: to comply with applicable legal, tax or accounting requirements and for archiving purposes).
Hubilo shall retain the Customer Personal Data for 3 years from the date of termination of the agreement(s) with the Customers solely for repurposing and/or reusing the Customer Personal Data for any future events hosted by the Customer on the Platform. Hubilo shall not use this data for any purpose apart from retaining it for the Customer. Post completion of the above mentioned retention period, Hubilo shall automatically delete all data provided by the Customer from the Hubilo database.
Below you can find details about data retention, legal basis and purpose for each category of Personal Data -
Data retention and deletion
Where We have no legitimate business interest to continue to Process Your Personal Data or if You ask Us for deletion, we will either delete, anonymise it or, if this is not possible (for example, if Personal Data has been stored in secured archives), We will securely store and isolate Your information from any further processing until the deletion becomes possible and delete it as soon as technically possible. We will Use advanced technology that are certified as best (practices) in the industry or other means to protect Your data and mitigate any risks, such as obfuscation, blanking or encryption.
For Attendees data that has been provided to Us by our Customers, We will retain the data for a period of 3 years post expiration of the contract unless the Customer requests Us to delete the data at an earlier date. Post expiration of the retention period, all Customer and the Attendee data will be automatically deleted by Us from the all Hubilo database, including Third-Party Service Providers database(s).
Only duly authorized Hubilo employees can access Your Personal Data on a need to know basis.
Disclosure of Personal data to Third-Party Service Providers
In certain limited cases, authorized Third-Party Service Providers outside our organization may access Your Personal Data. These may include:
You expressly consent to the disclosure of Your Personal Data to the relevant Third Party Service Providers whose services Hubilo uses for the following in-exhaustive list of services, such as, marketing, analysis, advertisement, contract management, billing, consent management, data subject rights management, cloud service management.
When engaging Third Party Service Providers, we have entered into agreements with them for the processing of Your Personal Data about You so that such processing is carried out in accordance with our instructions, in a confidential, secure, transparent manner, to protect Your privacy rights and comply with the Applicable Data Protection Laws.
Disclaimer – We are not clubbing cookie polices (dashboard and community) in this Policy as its it pertains to a different website.
Where appropriate, You can also read how tracking technologies work on other websites You use by accessing the respective cookie notice.
Where permitted and feasible, and to protect Your right to privacy, Hubilo will take reasonable steps to remove or anonymize information that may directly or indirectly identify You and restrict to the minimum the amount of Personal Information that We Use, submit or transfer to Third-Party Service Providers.
Unsubscribe from our Hubilo Newsletter
You always have the opportunity to easily unsubscribe, at any time, from our marketing communications. You can achieve this by using the "unsubscribe" link in our communications or by contacting Us at firstname.lastname@example.org or email@example.com.
Withdrawal of consent
Where Hubilo processes Your Personal Data on the basis of consent, You have the right and may choose to withdraw Your consent at any point in time. Kindly notify Hubilo of such withdrawal by communicating to Us at privacy@Hubilo.com or mydata@Hubilo.com.
In case You do not wish to provide Your consent or later withdraw Your consent, We request You not to access the Platform and use our Services and We also reserve the right to not provide You any Services or information on the Platform. On such instances wherein You have withdrawn Your consent, Hubilo may delete Your information (personal or otherwise) or de-identify it so that it is anonymous and not attributable to You (except to the extent, as detailed in " LEGAL BASIS FOR PROCESSING YOUR INFORMATION" of this Policy).
Wherever Hubilo acts as Data Processor, it merely processes Personal Data under the direction of the Customers and has no direct control or ownership of the Personal Data We Process.
It is the responsibility of the Customers for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to Hubilo for further processing purposes. Attendee’s of an event that seeks to access, correct or delete data, should direct their request to the Customer. If the Customer requests Hubilo to delete, rectify or access the Personal Data of an Attendee to comply with Applicable Data Protection Laws, Hubilo will process this request within the required time frame under the Applicable Data Protection Laws.
Kindly note that Hubilo will not process a Data Subject request to change information that may cause the information to be incorrect, fraudulent, misrepresented or violates any law of land or legal statute. In such instances, We will inform the Customer about the legal obligations that prevent Us from fulfilling the request.
We implement appropriate technical and organisational controls to protect Your Personal Data that We hold to prevent unauthorised Processing, loss of data, disclosure, use, alteration, or destruction. Where appropriate, We may Use protective techniques such as encryption, pseudonymisation, de-identification and other technologies that can assist Us in securing the information about You, including measures to restore access to Your Personal Information. We also ensure that our Third-Party Service Providers comply with reasonable and recognized data privacy, confidentiality, integrity, availability and security requirements.
We conduct tests and reviews of our technologies and processes, including a review of our business partners and vendors, so that our security controls remain effective. Also, when not needed anymore, We will further anonymize Your Personal Data or delete it when it is no longer needed for the purpose for which We originally collected such Personal Information from You.
Security measures taken by Hubilo to protect Your Personal Information
We have configured our systems to apply industry standard information security measures and used recognized security framework to protect Your Personal Information, which includes, inter alia:
✔ TIER IV servers (ISO 27001 and FINMA) where data is hosted exclusively in data centers with dedicated hardware and on-site security;
✔ All systems are monitored by approved Swiss third party IT service providers;
✔ Last generation fire-walling;
✔ HTTPS and SSL encryption, file encryption, Password strength requirements;
✔ Access controls via privileges and roles;
✔ Software built in accordance with privacy by design and by default principles;
✔ Automated security audits that are scheduled bi-weekly (qualys.com);
✔ Semi-automated audit systems and services (such as via: ImmuniWeb, SSL Labs, WebPageTest, Yellow Lab among others) for each new release;
✔ Periodic vulnerability assessment and penetration tests carried out;
✔ Conducting yearly privacy and security training of the entire organisation;
✔ Complete vendor risk management before onboarding of Sub-processors/ Third-Party Service Providers;
✔ Mandatory compliance of non- disclosure agreements by Hubilo employees and vendors;
✔ All systems and applications undergo regular security review for vulnerabilities prior to production deployment;
✔ Encryption of Personal Data at rest and in transit;
✔ Hubilo is SOC 2 Type 2 accredited and uses
✔ Hubilo maintains industry standard security incident response policies and procedures
✔ Encryption of Personal Information
✔ Hubilo uses Amazon Web Services SOC 2 accredited data centers
Where We Use Third-Party Service Providers to help us with information security measures, they have committed to comply with strict security, data protection requirements and privacy requirements that are not just best practices in the industry but to comply with Applicable Data Protection Laws to ensure maximum confidentiality, integrity, and availability of Your Personal Data.
When we receive information about You, such as for applying to Hubilo or exchanging information with Us, We will collect, process and store Your Personal Data according to Applicable Data Protection Laws and in accordance with this Policy. Most of the time, You will share such Personal Data with Us, via our Platform, forms and e-mails, on a voluntary basis, for the purpose of entering into a contract with Hubilo or based on Your explicit consent.
When You exchange information with other Third-Party Service Providers, You acknowledge that Personal Data about You or other data subjects may leave Your country of residence, which may require implementing appropriate/ supplementary or additional safeguards in accordance with Applicable Data Protection Laws.
Kindly note that Hubilo will follow appropriate level of protection and deploy all necessary safeguards for transfer of such data that constitutes confidential information and/or Personal Data, additionally such transfers, to any country(s) which do not ensure an adequate level of data protection, Hubilo will ensure that the transfer is through one of the following mechanisms:
i) in accordance with the Swiss-U.S. and EU-U.S. Privacy Shield Framework and Principles issued by the U.S. Department of Commerce, both available at https://www.privacyshield.gov/EU-USFramework (the “Privacy Shield Principles”), or
ii) the Standard Contractual Clauses set forth and approved by the European Commission
In the event that European Union authorities or courts determine that the Privacy Shield is not an appropriate basis for transfers, Hubilo and Customer, and wherever applicable Hubilo Sub-processors agree to promptly execute an approved Standard Contractual Clause to govern such transfers.
Our Service does not address anyone under the age of 18 (“Children“). We do not knowingly collect Personal Information from anyone under the age of 18 on a voluntary basis. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Information, please contact Us. If We become aware that We have collected Personal Information from children without verification of parental, judicial or guardian’s consent, We take steps to remove that information from our data servers.
We have procedures and safeguards in place to identify, assess, investigate and report Personal Data breaches at the earliest possible time. Our procedures are robust and have been disseminated to our staff who are regularly trained and informed about industry certified best IT security practices. We also ensure the confidentiality, integrity and accessibility of Your Personal Data at all times. For further information on Hubilo Personal Data breach notification and communication kindly click here.
As a User of our Services and Platform, and depending on Your country of residence, You may have the right to exercise your rights and/ or file a complaint to competent data protection authority/ Supervisory authority.
Access, Restrict, Rectification, Erasure
Under Applicable Data Protection Laws, You have the right to control Your data You may request a copy of information about You held by Us. You also have the right to rectify, restrict, or erase/delete such information. Your right(s) to such information may be subject to limited legal and regulatory restrictions.
Objection to processing and additional rights
Under Applicable Data Protection law, You can formally object to the processing of Your Personal Data. In certain circumstances, You have the additional right to restrict or suspend aspects of the processing of Your information or ask for a copy of Your Personal data to be provided to You, or a Third-Party Service Provider, in a digital and machine-readable format (portability).
Objection to direct marketing
You have the right to object to certain processing of Your information. This includes the right to object to our processing of Your information for direct marketing. If We Process Our information based on our legitimate interest(s) You can object to this processing, and We will cease processing Your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where We Use Your information for direct marketing for our own services, You can always object and opt-out of future marketing messages using the unsubscribe link provided in such communications.
US State privacy laws
Under certain US State laws, You may have certain rights attached to Our Use of Your Personal Data. In particular, if you are located in a US State that regulates the sale of Your information, Hubilo does not sell Your information, nor discloses or shares any information about You with third parties for their commercial benefit, when You are located in these US States. You can contact Us for more information.
The California Consumer Privacy Act 2018 (CCPA) and its upcoming amendments such as the California Privacy Rights Act (CPRA), California residents have specific rights regarding their Personal Information held by private companies. In particular, we do not:
(i) sell any Personal Information from individuals located in California,
(ii) share any such Personal Information with third parties for their own commercial benefits, nor
(iii) discriminate against you in any kind.
In addition to the above mentioned rights under California Law You have the right to (subject to statutory or restrictions):
All Personal Information that is collected from You is in accordance with this Policy, including the Use of different categories of Your Personal data that has been collected from You, the disclosure of Your Personal Information is as per this Policy.
Rights of European Individuals to complain in front of Data Protection Authorities
In the event that any individual located in the EEA countries, UK and Switzerland believes that we have processed information in a manner that is unlawful or breaches your rights, or has infringed the “General Data Protection Regulation”, the ICO UK, or the Swiss Federal Data Protection Act, you have the right to complain directly to the competent data protection authority. The list of those authorities can be found on the European Data Protection Board website or here: https://edpb.europa.eu/about-edpb/board/members_en.
Please note that We may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible and within the stipulated time frame under the Applicable Data Protection Laws.
We may update this Policy from time to time. You are advised to review the updated Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page and any modifications can be ascertained by referring to the date that is displayed at the top of the page marked as, “ Last updated”.
We provide easily accessible information via our Platform or on request. If You have any questions or requests related to this Policy or Your Personal Information, please contact us at the following contact details -
Hubilo Technologies Inc.
Hubilo Technologies Inc, 505
Montgomery Street, 10th floor,
San Francisco, CA 94111
Hubilo Data Protection Officer
Name: Yuvraj Saxena
Hubilo EU representative
25/28 North Wall Quay
Dublin 1, D01 H104