19
1
This Privacy Policy (“Policy”) applies to all individuals with whom we interact in the course of our business. This happens when you use our Hubilo website (the “Site”) or platform, if you are a visitor or an authorized user of our Site, a user, Customer or prospect who follows our activities, our potential or current business partner, investor, suppliers, or as one of our Customers. When using our Site or creating an account to use our Site or platform, you become an authorized user (“user”, “you” or “your”) and shall use our Sites in accordance with our Terms of Use.
This Policy informs you about what information about you (“Personal Data” or “Personal Information”) we may collect directly or indirectly from you and that we create, store, transfer, share or delete (“Use”), the measures we use to protect your data and how you can exercise your rights regarding your Personal Data.
2
We take your privacy and confidentiality seriously. We implement best practices for protecting your information and ensuring that you can access and control them at any time. This Policy provides you with more information about what we do and how we process your Personal Data.
If the uses of your information change, we will provide you with more information when we are in contact with you, for example, through the website, by e-mail, in our information materials. Where necessary, we would do that by updating our Privacy Policy so that you can check it when you visit the Site at https://Hubilo.com/.
3
Hubilo Technologies Inc. ("Hubilo", “we“, “us“ or “our“), has built the world’s most comprehensive and intuitive platform for virtual and hybrid events.
If Hubilo is collecting information directly from you, then Hubilo will act as the data controller. If Hubilo is receiving information from its customer, Hubilo will act as a Data Processor and shall process data as per the instructions received by the Customer/ Data Controller. If you have any questions related to handling of your Personal Information by Hubilo or to exercise your rights you can contact us at privacy@hubilo.com.
4
5
When navigating on our Site, we will collect information about you which will help us in providing better services in accordance with, this Policy. As a Data Controller, Hubilo collects such data from the users of its website for product demonstrations, marketing purposes or for job vacancies.
Below, we list some of the main, for which we may collect Personal Information from you.
Examples of general categories of Personal Information
Examples of Personal Data that may be collected by the Customer
6
When connecting to our Site and using the Site via your user account, we will collect Personal Information about you, including for the following purposes:
Main purposes for which we may use your Personal Information
7
This is a global Policy and shall apply wherever you reside. In this section, we describe our legal justifications (commonly referred to as “legal basis”) for the Use of your Personal Information related to each of our main processing activities.
Please note: depending on the country where you reside, the law of your country may not require that we use a specific legal basis to justify using your Personal Information, including transfers of your Personal Information outside your country (e.g.: in certain US federal or State laws). If your jurisdiction requires consent to Process your Personal Information when you interact with us, we will obtain your consent prior to the use of such Information.
Below, we explain to you which legal basis we choose or use when using your Personal Information.
Legal basis - Examples of processing activities and purposes for use
8
Hubilo will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
For users who have provided their personal data to Hubilo on our Site, we will keep Personal Information we collect about you for as long as necessary for providing the services via our websites and to comply with any legal obligations (e.g.: to comply with applicable legal, tax or accounting requirements and for archiving purposes). Hubilo shall retain the Customer Personal Data for a period of 1 (one) year and 90 (ninety) days from the date of termination of the agreements with the customers solely for repurposing and/or reusing the Customer Personal Data for any future events hosted by the Customer on the Site. Hubilo shall not use this data for any purpose apart from retaining it for the Customer. Post completion of the above mentioned retention period, Hubilo shall automatically delete all data provided by the Customer.
Below you can find details about data retention, legal basis and purpose for each category of Personal Data -
9
Who can access your Personal Data?
Only duly authorized Hubilo employees can access your Personal Data on a need to know basis.
Cross-border Personal Data transfer
When we receive information about you, such as for applying to Hubilo or exchanging information with us, we will receive and process your Personal Information. When you exchange information with other users, you acknowledge that Personal Information about you or other data subjects may leave your country of residence, which may require to implement appropriate or additional safeguards in accordance with applicable Data Protection Laws.
Kindly note that Hubilo will follow appropriate level protection and deploy safeguards for all information, which includes data that constitutes confidential information and/or Personal Data, additionally below mentioned are some scenarios wherein Personal data is shared/ transferred -
a) Transfer to third country jurisdictions: If you are located in a country without having an adequate level of protection, we will rely on appropriate safeguards ( eg. Standard Contractual Clauses) to send Personal Data outside your country of residence. Most of the time, you will share such Personal Information with us, via our websites, forms and e-mails, on a voluntary basis, for the purpose of entering into a contract with Hubilo or based on of your consent. This occurs for example where the processing activity relates to: (a) the registration and management of your account, (b) enter into a contract with us,
b) Disclosure with third parties: In certain limited cases, authorized third parties outside our organization may access your data. These may include:
• Third parties who provide us with services for the administration of the Site (such as IT services in the event of a breakdown or for the maintenance of our Site);
• Other third parties, such as auditors, data centers or other authorized third parties only when required by law or a court decision, to defend legal claims or in case of an investigation by a supervisory authority.
Where engaging third parties, we have entered into agreements with them for the processing of your Personal Data about you so that such processing is carried out in accordance with our instructions, in a confidential, secure, transparent manner, to protect your privacy rights and comply with the application Data Protection Laws.
10
Cookies or similar tracking technologies may be used on the site to automatically collect certain information about your device. We usually do not collect your Personal Data, however, should it happen, this may include Personal Information as explained in this section.
For more details on the cookies we use, refer to cookie policy. Note – we are not clubbing cookie polices (dashboard and community) in privacy policy as its very large.
Where appropriate, you can also read how tracking technologies work on other websites you use by accessing the respective cookie notice.
11
Where permitted and feasible, and to protect your right to privacy, Hubilo will take reasonable steps to remove or anonymize information that may directly or indirectly identify you and restrict to the minimum the amount of Personal Information that we use, submit or transfer to third parties.
12
You always have the opportunity to easily unsubscribe, at any time, from our marketing communications. You can achieve this by using the "unsubscribe" link in our communications or by contacting us at privacy@hubilo.com or mydata@hubilo.com.
13
We implement appropriate technical and organizational controls to protect your Personal Information that we hold in order to prevent unauthorized processing, loss of data, disclosure, use, alteration, or destruction. Where appropriate, we may use protective techniques such as encryption, pseudonymisation, de-identification and other technologies that can assist us in securing the information about you, including measures to restore access to your information. We also require our service providers to comply with reasonable and recognized data privacy, confidentiality, integrity, availability and security requirements.
We conduct tests and reviews of our technologies and processes, including a review of our business partners and vendors, so that our security controls remain effective. Also, when not needed anymore, we will further anonymize your Personal Information or delete it when it is no longer needed for the purpose for which we originally collected such Information.
List of security measures
We have configured our systems to apply industry standard information security measures and used recognized security framework to protect your information, which includes, inter alia:
✔ TIER IV servers (ISO 27001 and FINMA) where data is hosted exclusively in XXX data centers with dedicated hardware and on-site security;
✔ All systems are monitored by approved Swiss third party IT service providers;
✔ Last generation firewalling;
✔ HTTPS and SSL encryption, file encryption, Password strength requirements;
✔ Access controls via privileges and roles;
✔ Software built in accordance with privacy by design and by default principles;
✔ Automated security audits that are scheduled bi-weekly (qualys.com);
✔ Semi-automated audit systems and services (such as via: ImmuniWeb, SSL Labs, WebPageTest, Yellow Lab among others) for each new release;
✔ Periodic penetration tests carried out.
✔ Conducting privacy and security training of the organization
✔ Encryption of Personal Information
✔ Data Protection Management
Where we use third party suppliers to help us with information security measures, they have committed to comply with strict data protection requirements to ensure maximum confidentiality, integrity, and availability of your Personal Data.
14
Tasks that are not performed on our Site with user data
A) Links to other websites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy notice of every site you visit. We have no control over and assume no responsibility for the content, privacy notice or practices of any third party sites or services.
B) Children’s Privacy
Our Service does not address anyone under the age of 18 (“Children“). We do not knowingly collect personally identifiable information from anyone under the age of 18 on a voluntary basis. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children without verification of parental, judicial or guardian’s consent, we take steps to remove that information from our servers.
C) Data breach and incidents
We have procedures and safeguards in place to identify, assess, investigate and report data breaches at the earliest possible time. Our procedures are robust and have been disseminated to our staff who are regularly trained and informed about good IT security practices. We also ensure the confidentiality, integrity and accessibility of your data at all times.
15
Data retention
For users who have provided their Personal Data to Hubilo on our Site, we will keep Personal Information we collect about you for as long as necessary for providing the services via our websites and to comply with any legal obligations (e.g.: to comply with applicable legal, tax or accounting requirements and for archiving purposes).
Where we have no legitimate business interest to continue to process your Personal Data or if you ask us for deletion, we will either delete, anonymize it or, if this is not possible (for example, if Personal Data has been stored in secured archives), we will securely store and isolate your information from any further processing until the deletion becomes possible and delete it as soon as technically possible. We will use any technology or other means to protect your data and mitigate any risks, such as obfuscation, blanking or encryption.
For attendees whose data has been provided to us by our Customers, we will retain the data for a period of one year and 90 days post expiration of the contract unless the Customer requests us to delete the data at an earlier date. Post expiration of the contract, all customer and its attendee data will be automatically deleted by us.
16
As a user of our services and a customer on our Site, and depending on your country of residence, you may have the right to exercise your rights and / or file a complaint in front of a competent data protection authority.
Access, Restrict, Rectification, Erasure
Under applicable data protection law, you may have a right to request a copy of information about you held by us. You may also have the right to rectify, restrict, or erase/delete such information. Your rights to such information maybe subject to limited legal and regulatory restrictions.
Objection to processing and additional rights
Under applicable data protection law (e.g. European data privacy law), you may formally object to the processing of your Personal Information. In certain circumstances, you may have the additional right to restrict or suspend aspects of the processing of your information or ask for a copy of your data to be provided to you, or a third party, in a digital and machine readable format (portability).
Objection to direct marketing
You have the right to object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing. If we process your information based on our legitimate interests you can object to this processing, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your information for direct marketing for our own services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
US State privacy laws
Under certain US State laws, you may have certain rights attached to our use of your Personal Information. In particular, if you are located in a US State that regulate the sale of you information, Hubilo does not sell your information, nor discloses or shares any information about you with third parties for their commercial benefit, when you are located in these US States. You can contact us for more information.
California-Specific Rights
The California ConsumerPrivacy Act 2018 (CCPA) and its upcoming amendments such as the California Privacy Rights Act (CPRA), California residents have specific rights regarding their Personal Information held by private companies. In particular, we do not: (i) sell any Personal Information from individuals located in California, (ii) share any such Personal Information with third parties for their own commercial benefits, nor (iii) discriminate against you in any kind. Californian individuals can exercise their rights by contacting us at privacy@hubilo.com or mydata@hubilo.com.
Rights of European Individuals to complain in front of Data Protection Authorities
In the event that any individual located in the EEA countries, UK and Switzerland believes that we have processed information in a manner that is unlawful or breaches your rights, or has infringed the “General Data Protection Regulation”, the ICO UK, or the Swiss Federal Data Protection Act, you have the right to complain directly to the competent data protection authority. The list of those authorities can be found on the European Data Protection Board website or here: https://edpb.europa.eu/about-edpb/board/members_en.
17
You may exercise your rights of access, rectification, restring processing and erasure by contacting us at privacy@hubilo.com or mydata@hubilo.com. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to You as soon as possible.
18
We may update our Privacy Policy from time to time. You are advised to review the updated Privacy Policy periodically for any changes at privacy policy. Changes to this Privacy Policy are effective when they are posted on this page.
19
We provide easily accessible information via our website or on request. If you have any questions or requests related to data protection, please contact us at the following contact details.
Hubilo Technologies Inc.
Hubilo Technologies Inc, 505
Montgomery Street, 10th floor,
San Francisco, CA 94111
Email: privacy@hubilo.com, mydata@hubilo.com
Contact details of Data Protection Officer
Name: Yuvraj Saxena
Email: yuvraj@hubilo.com
Contact details of EU representative
25/28 North Wall Quay
Dublin 1, D01 H104
Ireland