This privacy notice informs you about what information about you (“Personal Data” or “Personal Information”) we may collect directly or indirectly from you and that we create, store, transfer, share or delete (“Use”), the measures we use to protect your data and how you can exercise your rights.
We take your privacy and confidentiality seriously. We implement best practices for protecting your information and ensuring that you can access and control them at any time. This notice provides you with more information about what we do and how we process your personal data.
If the uses of your information change, we will provide you with more information when we are in contact with you, for example, through the website, by e-mail, in our information materials.Where necessary, we would do that by updating our privacy notice so that you can check it when you visit the Platform or our regular website at https://hubilo.com/.
Hubilo Technologies Inc. ("HUBILO", “we“, “us“ or “our“), has built the world’s most comprehensive and intuitive platform for virtual and hybrid events.
If HUBILO is collecting information directly from you, then HUBILO will act as the data controller. If HUBILO is receiving information from its customer, HUBILO will act as a data processor and shall process data as per the instructions received. If you have any questions related to handling of your personal information by HUBILO or to exercise your rights to privacy you can contact us at firstname.lastname@example.org.
i. “Account” means the self-service account created by the customer on Hubilo’s platform for using the services.
ii. “Customer Data”means all data submitted, displayed and/ or uploaded by the End User and/orAuthorized Administrator(s) and/or the Customer while registering for, accessing, hosting an event, and/ or otherwise using the Platform.
iv. “Customer'' means the Organizer that have a service agreement with Hubilo to use/access Hubilo Platform to host virtual events, which term shall include its employees, independent contractors, consultants, affiliates, successors and assigns using/accessing the platform/services.
v. “Customer Personal Data”: means any Personal Data that the Customer shares with or permits Hubilo to access, store, host, modify, share, delete and further process for the performance of the services, which is processed by Hubilo and/or its affiliates under this DPA.
vi. “End Users” or “Attendees” means the clients and all individuals who shall, from time to time, be attending or participating in the events organized by the Customer on the platform.
vii. “Processor” or “Data Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller and as instructed by the Controllers, usually for specific purposes and services accessible to the Controller.
viii. "Commercial Purposes" "Sell," have the meanings assigned to them in section 1798.140 of the CCPA.
ix. “Data Protection Officer“ (DPO) means, where applicable, an individual who are responsible for protection of Personal Data at Hubilo.
x. “Data Subject” means a natural person whose Personal Data is processed by a controller or processor.
xi. “Supervisory Authority” shall have the meaning assigned to it under the GDPR.
When navigating on our website, we will collect information about you which will help us in providing better services in accordance with, this privacy notice. As a data controller, Hubilo collects such data from the users of its website for product demonstrations, marketing purposes or for job vacancies.
Below, we list some of the main, for which we may collect Personal Information from you.
Examples of general categories of Personal Information
1. Contact information - First name, last name, business email address, phone number and company name.
2. Professional information - Job title, CVs and resume, educational information, professional qualifications, position, work experience, background checks, professional networks, programs, publications and activities, referrals and other relevant professional information where needed.
3. Information technology related data - The information we may collect might originate from your use of Hubilo’s website and mobile applications, and other connected devices and includes:
• Internet Protocol (IP) address, geolocation data, your browser, operating systems, device ID.
• Data captured by cookies which may include analytics information and information about the date and time of your request read our cookies section; or
• Information that we may collect that describes and gives information about other data ("metadata”). This Notice applies to the extent such metadata allows us to improve user experience. Where required under applicable Data Protection Laws, we will inform you and ask for your permission prior to collecting such information.
4. De-identified and anonymized information - We may use Personal information which is anonymized to improve our services.
Examples of personal data that may be collected by the Customer
1. Instance - Personal Data collected
2. Attendee account creation - For attendee account, we provide Facebook and LinkedIn social logins which take User's e-mail id, first name, last name and profile data of LinkedIn name, e-mail id, contact number. However, these fields are customizable and the customer may choose to collect personal information in addition to the above mentioned ones.
3. Event website - Event website may contain “Contact Us” section added by the Customer/event organizer. The Personal Information collected by them may include name, e-mail id, phone number, designation and so on which are totally customizable by the event organizer.
The event websites may have an option for the user too opt-in for subscriptions such as newsletters from the event organizer through the ‘Subscribe’ box. By opting in for the services, your e-mail id will be used to send you e-mails from the event organizer.
Some event websites may also include an embedded registration form where the User’s Personal Information may be asked viz. name, e-mail id, contact number etc. All these fields are customizable by the Customer alone.
Also, the Networking Community Platform has a messaging feature, newsfeed and view profiles for which the Personal Information is used. Customer/User may create a new post, share content on the newsfeed which may include text, images and videos on the Networking Community Platform.
5. Event App - The App may require a login which will also be from social profiles of Facebook and LinkedIn. While installing an App, certain permissions are required such as access to media files, storage, contacts etc. In case you wish to not provide such access, please, select the option “No”.
When connecting to our Site and using the Site via your user account, we will collect Personal Information about you, including for the following purposes:
Main purposes for which we may use your Personal Information
1. To assist customers with product and service inquiries - We access your Personal Data through your user account when you:
● request a demo or
● subscribe to our solution or
● agree to receive our newsletters, for upcoming products or to follow us and see our initiatives
We may have to identify you when you interact with us to respond to your queries and to deal with any inquiries that you may have in the context of a pre-contractual or contractual relationship with us.
2. Contacting purposes - We collect and Use Personal Data of:
● Business partners: including staff and third parties with whom you collaborate in the context of the services that you provide to us or in the context of a business relationship.
● Customers: when we keep your information to manage the contract with you in relation to the product or services your request from us.
This includes obtaining Personal Information before, during and after we enter into a contract with you, your organization and your staff.
4. Profiling - To better understand our audience and customers, we use certain personal information about you, including information that pertains to:
● your country, such as via your IP address and region
● your language
● your e-mail domains
● number of pages visited
● number of e-mails received and when you open it
● your communications with us, such as instant messages, phone calls, and e-mails exchanged with us
We will only use aggregate information for this purpose.
In addition to the above-mentioned purposes, we are also collecting Personal Information to provide you with a secure, smooth, efficient, and customized experience on the Platform. We process your Personal Information and non-Personal Information to create, develop, operate, deliver, and improve the Platform and the Services. We will not collect any additional categories of Personal Information or use the Personal Information collected by us for materially different, unrelated, or incompatible purposes without seeking your express consent.
This is a global Notice and shall apply wherever you reside. In this section, we describe our legal justifications (commonly referred to as “legal basis”) for the Use of your Personal Information related to each of our main processing activities.
Please note: depending on the country where you reside, the law of your country may not require that we use a specific legal basis to justify using your Personal Information, including transfers of your Personal Information outside your country (e.g.: in certain US federal or State laws). If your jurisdiction requires consent to Process your Personal Information when you interact with us, we will obtain your consent prior to the use of such Information.
Below, we explain to you which legal basis we choose or use when Using your Personal Information.
Legal basis - Examples of processing activities and purposes for use
1. Based on our contract with you - As one of our customers (when you create your account), or business partner we will keep and store your personal or professional contact details to interact, and provide you with related offers as a customer, and manage the (pre-) contract or your user account, and for administrative or billing purposes.
2. Based on your prior consent (where permitted or required by law upon)
● We collect information about you when navigating on our sites and other features, when you submit queries or interact with us
● We use your information in the context of a sale to propose you similar offers or inform you about upcoming products and send newsletters; or use metrics for statistics purposes. Depending on your country of residence, we may have to request your prior consent for example:
● When subscribing to our newsletters;
● Sharing or disclosing your Personal Data to third parties outside of your country of residence in countries that do not provide the same level of protection to your privacy as in your country of residence;
● Using forms, when creating your user account; or when using cookies or similar technologies.
3. To comply with applicable law or Data Protection laws - In some limited instances, we may have to keep some limited Personal information about you longer than needed such as for tax or accounting purposes.
For users who have provided their personal data to Hubilo on our website, we will keep personal information we collect about you for as long as necessary for providing the services via our websites and to comply with any legal obligations (e.g.: to comply with applicable legal, tax or accounting requirements and for archiving purposes). Hubilo shall retain the Customer Personal Data for a period of 1 (one) year and 90 (ninety) days from the date of termination of the agreements with the customers solely for repurposing and/or reusing the Customer Personal Data for any future events hosted by the Customer on the Platform. Hubilo shall not use this data for any purpose apart from retaining it for the Customer. Post completion of the above mentioned retention period, Hubilo shall automatically delete all data provided by the Customer.
Table for data retention, legal basis and purpose for each category of personal data
Categories of Personal Data - Purpose and legal basis for the processing
1. Visitors data including name:
• Purpose: To provide and improve the product and services
• Legal basis: Consent (cookies, sending newsletters, for providing demo) and Legitimate Interest (to respond to your queries about Hubilo product and services)
2. Customer data:
• Purpose: To interact, and provide you with related offers as a customer, and manage the (pre-) contract or your user account, and for administrative or billing purposes.
• Legal basis: Contract (to provide products and services for fulfillment, administrative or billing purposes) Legitimate Interest to provide you with related offers as a customer
3. Customer data:
• Purpose: As defined by the customer
• Legal Basis: Hubilo is the processor and the legal basis is defined by the customer
Who can access your Personal Data?
Only duly authorized Hubilo employees can access your Personal Data on a need to know basis.
Cross-border Personal Data transfer
When we receive information about you, such as for applying to Hubilo or exchanging information with us, we will receive and process your Personal Information. When you exchange information with other users, you acknowledge that Personal Information about you or other data subjects may leave your country of residence, which may require to implement appropriate or additional safeguards in accordance with applicable Data Protection Laws. Note that all information, which includes data that constitutes confidential information and/or Personal Data is hosted in EU and US as explained in sections below.
a) Transfer within the EEA, Switzerland and approved countriesIf you are located in a country of the European Economic Area (EEA) or in a country that is recognized as having an adequate legislation for the protection of Personal Data in your country (e.g.:Argentina, Australia, Canada, Israel, New Zealand, Uruguay), your rights to privacy rely on appropriate guarantees with regard to cross-border Personal Data transfer to your country of residence.
b) Transfer to third country jurisdictions if you are located in a country without having an adequate level of protection, we will rely on appropriate safeguards to send Personal Data outside your country of residence. Most of the time, you will share such Personal Information with us, via our websites, forms and e-mails, on a voluntary basis, for the purpose of entering into a contract with HUBILO or based on of your consent. This occurs for example where the processing activity relates to: (a) the registration and management of your account, (b) enter into a contract with us,
c) Disclosure with third parties In certain limited cases, authorized third parties outsideour organization may access your data. These may include:
• Third parties who provide us with services for the administration of the Platform (such as IT services in the event of a breakdown or for the maintenance of our Platform);
• Other third parties, such as auditors, data centers or other authorized third parties only when required by law or by a court decision, to defend legal claims or in case of an investigation by a supervisory authority.
Where engaging third parties, we have entered into agreements with them for the processing of your Personal Data about you so that such processing is carried out in accordance with our instructions, in a confidential, secure, transparent manner, to protect your privacy rights and comply with the application Data Protection Laws.
Cookies or similar tracking technologies may be used on the site to automatically collect certain information about your device. We usually do not collect your Personal Data, however, should it happen, this may include Personal Information as explained in this section.
Where appropriate, you can also read how tracking technologies work on other websites you use by accessing the respective cookie notice.
Where permitted and feasible, and to protect your right to privacy, Hubilo will take reasonable steps to remove or anonymize information that may directly or indirectly identify you and restrict to the minimum the amount of Personal Information that we use, submit or transfer to third parties.
You always have the opportunity to easily unsubscribe, at any time, from our marketing communications. You can achieve this by using the "unsubscribe" link in our communications or by contacting us at email@example.com or firstname.lastname@example.org.
We implement appropriate technical and organizational controls to protect your Personal Information that we hold to prevent unauthorized processing, loss of data, disclosure, use, alteration, or destruction. Where appropriate, we may use protective techniques such as encryption, pseudonymisation, de-identification and other technologies that can assist us in securing the information about you, including measures to restore access to your information. We also require our service providers to comply with reasonable and recognized data privacy, confidentiality, integrity, availability and security requirements.
We conduct tests and reviews of our technologies and processes, including a review of our business partners and vendors, so that our security controls remain effective. Also, when not needed anymore, we will further anonymize your Personal Information or delete it when it is no longer needed for the purpose for which we originally collected such Information.
List of security measures
We have configured our systems to apply industry standard information security measures and used recognized security framework to protect your information, which includes, inter alia:
✔ TIER IV servers (ISO 27001 and FINMA) where data is hosted exclusively in XXX data centers with dedicated hardware and on-site security;
✔ All systems are monitored by approved Swiss third party IT service providers;
✔ Last generation firewalling;
✔ HTTPS and SSL encryption, file encryption, Password strength requirements;
✔ Access controls via privileges and roles;
✔ Software built in accordance with privacy by design and by default principles;
✔ Automated security audits that are scheduled bi-weekly (qualys.com);
✔ Semi-automated audit systems and services (such as via: ImmuniWeb, SSL Labs, WebPageTest, Yellow Lab among others) for each new release;
✔ Periodic penetration tests carried out.
✔ Conducting privacy and security training of the organization
✔ Encryption of Personal Information
✔ Data Protection Management
Where we use third party suppliers to help us with information security measures, they have committed to comply with strict data protection requirements to ensure maximum confidentiality, integrity, and availability of your Personal Data.
We do not conduct any such tasks with user data via our Platform.
A) Links to other websites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy notice of every site you visit. We have no control over and assume no responsibility for the content, privacy notice or practices of any third party sites or services.
B) Children’s Privacy
Our Service does not address anyone under the age of 18 (“Children“). We do not knowingly collect personally identifiable information from anyone under the age of 18 on a voluntary basis. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children without verification of parental, judicial or guardian’s consent, we take steps to remove that information from our servers.
C) Data breach and incidents
We have procedures and safeguards in place to identify, assess, investigate and report data breaches at the earliest possible time. Our procedures are robust and have been disseminated to our staff who are regularly trained and informed about good IT security practices. We also ensure the confidentiality, integrity and accessibility of your data at all times.
For users who have provided their personal data to Hubilo on our website, we will keep Personal Information we collect about you for as long as necessary for providing the services via our websites and to comply with any legal obligations (e.g.: to comply with applicable legal, tax or accounting requirements and for archiving purposes).
Where we have no legitimate business interest to continue to process your Personal Data or if you ask us for deletion, we will either delete, anonymize it or, if this is not possible (for example, if Personal Data has been stored in secured archives), we will securely store and isolate your information from any further processing until the deletion becomes possible and delete it as soon as technically possible. We will use any technology or other means to protect your data and mitigate any risks, such as obfuscation, blanking or encryption.
For attendees whose data has been provided to us by our Customers, we will retain the data for a period of one year and 90 days post expiration of the contract unless the Customer requests us to delete the data at an earlier date. Post expiration of the contract, all customer and its attendee data will be automatically deleted by us.
As a user of our services and a customer on our Site, and depending on your country of residence, you may have the right to exercise your rights and / or file a complaint in front of a competent data protection authority.
Access, Restrict, Rectification, Erasure
Under applicable data protection law, you may have a right to request a copy of information about you held by us. You may also have the right to rectify, restrict, or erase/delete such information. Your rights to such information maybe subject to limited legal and regulatory restrictions.
Objection to processing and additional rights
Under applicable data protection law (e.g. European data privacy law), you may formally object to the processing of your Personal Information. In certain circumstances, you may have the additional right to restrict or suspend aspects of the processing of your information or ask for a copy of your data to be provided to you, or a third party, in a digital and machine readable format (portability).
Objection to direct marketing
You have the right to object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing. If we process your information based on our legitimate interests you can object to this processing, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your information for direct marketing for our own services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
US State privacy laws
Under certain US State laws, you may have certain rights attached to our use of your Personal Information. In particular, if you are located in a US State that regulate the sale of you information, Hubilo does not sell your information, nor discloses or shares any information about you with third parties for their commercial benefit, when you are located in these US States. You can contact us for more information.
The California ConsumerPrivacy Act 2018 (CCPA) and its upcoming amendments such as the California Privacy Rights Act (CPRA), California residents have specific rights regarding their Personal Information held by private companies. In particular, we do not: (i) sell any Personal Information from individuals located in California, (ii) share any such Personal Information with third parties for their own commercial benefits, nor (iii) discriminate against you in any kind. Californian individuals can exercise their rights by contacting us at email@example.com or firstname.lastname@example.org.
Rights of European Individuals to complain in front of Data Protection Authorities
In the event that any individual located in the EEA countries, UK and Switzerland believes that we have processed information in a manner that is unlawful or breaches your rights, or has infringed the “General Data Protection Regulation”, the ICO UK, or the Swiss Federal Data Protection Act, you have the right to complain directly to the competent data protection authority. The list of those authorities can be found on the European Data Protection Board website or here: https://edpb.europa.eu/about-edpb/board/members_en.
You may exercise your rights of access, rectification, restring processing and erasure by contacting us at email@example.com or firstname.lastname@example.org. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to You as soon as possible.
We provide easily accessible information via our website or on request. If you have any questions or requests related to data protection, please contact us at the following contact details.
Hubilo Technologies Inc.
Hubilo Technologies Inc, 505
Montgomery Street, 10th floor,
San Francisco, CA 94111
Email: email@example.com, firstname.lastname@example.org