Using simple and easy-to-understand language;
Providing a series of examples that help to illustrate how the policies may be implemented by us; and
Defining and capitalizing a few terms that are used more than once for simplicity and brevity.
TABLE OF CONTENTS
Personal Data Obtained Directly from You.
Personal Data Obtained from Third Parties.
The Purposes of Data.
How We Share and Disclose Data.
International Data Transfers, Privacy Shield, and Standard Contractual Clauses.
Data Protection Officer.
We collect and process personal and non-personal data when an individual user or organization (“you” and “your”) uses the services (the “Services”) provided by us through the following sources:
The online platform “Events by HelloCrowd” available at https://www.hellocrowd.net (“EVENTS”);
The online platform “&Team by HelloCrowd” available at https://www.andteam.com (“&TEAM”);
The online platform “Learn by HelloCrowd” available at https://www.learn-app.io (“LEARN”);
The related software applications; (collectively, the “Platforms”).
The entity that is responsible for collection and processing of personal data through the Platforms is HelloCrowd, Inc. having a registered place of business at 967 Hymettus Ave., Encinitas, CA 92024, the United States of America (“we”, “us”, and “our”).
Our Role as Data Controller and Data Processor
When handling personal data, we may act both as a data controller and data processor. Our role depends on a specific situation. For example, we will act as a data controller when we ask you to submit your personal data that is necessary for your use of the Services (e.g., when you register a user account, make payments, or contact us directly).
We will act as a data processor in the situations when you conclude a service contract with us on the basis of the Customer Terms and become the Customer with respect to the data submitted in relation to the Services, including the Customer Data. For example, if you register on &TEAM as an organization that is looking for employees, you can select what types of personal data should be collected from potential employees. In such a situation, you act as a data controller, whereas we act as a data processor. A copy of our Data Processing Addendum is available here.
Notwithstanding our role, we will comply with the applicable obligations and strive to ensure that all personal data collected and processed through the Platforms is handled properly.
“Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
“Data controller” means the entity that determines the purposes and means of the processing of personal data;
“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
“Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address);
“Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.
We handle personal data in accordance with the applicable data protection laws, including, but not limited to, the EU General Data Protection Regulation (GDPR).
Term and Termination
In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:
Personal Data Obtained Directly from You
We collect and receive personal and non-personal data in a variety of ways and situations, which are described below (the mandatory personal data is marked with *). We comply with data minimization principles and we collect only a minimal amount of personal data that is necessary for ensuring your use of the Services.
Personal Data Collected Through EVENTS
When you sign up for EVENTS, we collect your full name*, email address*, password*, and company name;
When you set up an event, we collect any information you decide to provide us about the event (e.g., list of attendees, contact details, speakers, and sponsors);
When you contact us by email, we collect your name*, email address*, and any information you decide to provide us in your message;
When you update your billing information on EVENTS, we collect your full name, billing address, and payment information;
When you make a payment for the Services provided through EVENTS, we collect your billing address*, VAT number*, and we may have access to your payment information.
Personal Data Collected Through &TEAM
When you sign up for &TEAM as the Customer, we collect your full name*, email address*, company name*, and company URL*;
When you sign up for &TEAM as a candidate, we collect your full name*, email address*, phone number*, EE status (racial and gender specifics), location, and employment history;
When you contact us by email, we collect your name*, email address*, and any information you decide to provide us in your message;
When you make a payment for the Services provided through &TEAM, we collect your billing address*, VAT number*, and we may have access to your payment information.
Personal Data Collected Through LEARN
When you sign up for LEARN as a vendor, we collect your full name*, email address*, company name*, and company URL*;
When you sign up for &TEAM as an employee, we collect your full name*, email address*, phone number, EE status (racial and gender specifics), and location;
When you sign up for LEARN as the Customer, we collect your full name*, email address*, company name*, and company URL*;
When you contact us by email, we collect your name*, email address*, and any information you decide to provide us in your message;
When you make a payment for the Services provided through LEARN, we collect your billing address*, VAT number*, and we may have access to your payment information.
We receive certain additional data when submitted to our Platforms or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us.
When you use the Platforms &TEAM and LEARN as a candidate or employee, we may collect or have access to special categories of personal data, such as your racial and ethnic origin (the “Sensitive Data”). Please note that the submission of the Sensitive Data is entirely optional. It is in your sole discretion whether to provide such Sensitive Data through &TEAM and LEARN. Your voluntary submission of the Sensitive Data constitutes your consent to process the Sensitive Data for the purposes listed in section “The Purposes of Collected Data”.
Failure to Provide Personal Data
If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Platforms, receive the Services, or get our response.
Personal Data Obtained from Third Parties
Third Party Services
When using the Platforms, you can choose to permit or restrict services and functionalities provided by third parties (the “Third Party Services”). Typically, the Third Party Services are software that integrates with the Services, and you can enable and disable these integrations. Once enabled, the provider of the Third Party Services may share certain information with us. For example, if a cloud storage application is enabled to permit files to be imported to the Services, we may receive your user name and email address, along with additional information that the application has elected to make available to us to facilitate the integration.
You are strongly encouraged to check carefully the privacy settings and notices of the Third Party Services to understand what information may be disclosed to us. When the Third Party Services are enabled, we are authorized to connect and access information, including some personal data, made available to us in accordance with our agreement with the provider of the Third Party Services. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.
If you choose to import your contact information from your device (e.g., an address book from the device) and you provide your consent, we may access such information for the purpose of providing the Services.
Third Party Data
We may receive certain information about organizations, industries, users of the Platforms, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful (the “Third-Party Data”). The Third-Party Data may be combined with the Technical Data (as explained in the section “Technical Data”) that we collect and might include aggregate level data, such as which IP addresses correspond to ZIP codes or countries. The Third-Party Data may also be more specific: for example, how well an online marketing or email campaign performed.
If the functionalities of the Services allow, you may submit the Customer Data that includes messages, files, and other types of content generated by you. For example, if you use &TEAM as the Customer, you may routinely submit the Customer Data to us when using the Services. We will have access to the Customer Data to the extent necessary for provision of the Services. We will not access, copy, disclose or use the Customer Data if it is not strictly necessary for provision of the Services requested by you.
When you use the Platforms, we collect certain non-personal data, such as your usage data, Services metadata, log data, device and location information (collectively, the “Technical Data”). The Technical Data includes:
Usage data. In order to improve the Services, we engage in research about our users. Thus, when you use the Services, we may collect certain technical non-personal data to understand how you use them. Such Technical Data does not allow us to identify you in any manner.
Services metadata. When you interact with the Services, metadata is generated that provides additional context about the way you work. For example, we log the workspaces, channels, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).
Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use the Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
Device information. We collect information about devices accessing the Services, including the type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of such device information often depends on the type of device used and its settings.
Location information. We receive information from you that helps us approximate your location. We may, for example, use the billing address or an IP address received from your browser or device to determine approximate location. Please note that such approximation of your location does not allow us to locate or identify you in any manner. We may also collect location information from devices in accordance with the consent process provided by your device.
The Purposes of Data
Purposes of Personal Data Collected Through EVENTS
Purposes of Personal Data Collected Through &TEAM
Purposes of Personal Data Collected Through LEARN
We sometimes send emails about new product features, promotional communications or other news about us and the Services. These are marketing messages so you can control whether you receive them. Please note that we will not send you direct marketing messages, such as newsletters, brochures, promotions and advertisements, or contact you by any other means with the purpose to offer you the Services, unless:
We receive your express (“opt-in”) consent to receive such marketing messages. You can opt-out from receiving such marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you; or
We decide to send you marketing messages about our new Services that are closely related to the Services already used by you.
We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in the Platforms, our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services, they will be sent on an “if-needed” basis and you may not opt out of them.
Purposes of Customer Data
The Customer Data will be used for the sole purpose of providing you with the requested Services. The legal basis for such use of the Customer Data is performing a contract with you. If you submit any Customer Data through the Platforms as the Customer, the Customer Data will be used by us in accordance with your instructions, including any applicable terms in the Customer Agreement and your use of Services functionality, and as required by the applicable law. Please note that, if you are the Customer, we act as a processor of the Customer Data and you act as a data controller. You may, for example, if the functionalities of the Services allow, use the Services to grant and remove access to the Services, assign roles and configure settings, access, modify, export, share and remove the Customer Data and otherwise apply your policies to the Services.
Purposes of Technical Data
We will use the Technical Data in furtherance of our legitimate interests in operating our Platforms, providing the Services, conducting our business activities, and developing new products. The legal basis for such use of the Technical Data is pursuing our legitimate business interests. More specifically, we will use the Technical Data:
To provide, update, maintain and protect the Platforms, our Services, and business. This includes the use of the Technical Data to support delivery of the Services under the Customer Terms, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at your request.
As required by applicable law, legal process or regulation.
To communicate with you by responding to your requests, comments and questions. If you contact us, we may use the Technical Data to respond.
To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible for you. For example, we may improve search functionality by using the Technical Data to help determine and rank the relevance of content, channels or expertise to you, make the suggestions for the Services based on historical use and predictive models, identify organizational trends and insights, to customize the experience of the Services or create new productivity features and products.
To investigate and help prevent security issues and abuse.
If you act as the Customer and you submit any Customer Data, we will retain the Customer Data in accordance with your instructions, including any applicable terms in the Customer Terms and the use of the Services functionality, and as required by applicable law. The deletion of the Customer Data and other use of the Services by you may result in the deletion and/or de-identification of certain associated Technical Data. For more details, please review the Help Center or contact us.
Retention as Required by Law
Please note that, in some cases, we may be obliged by law to store your personal data for a certain period of time (e.g., for accountancy purposes). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
How We Share and Disclose Data
In some circumstances, we disclose your personal data to third party service providers (data processors) and other third parties. For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, data processing, advertising, email distribution, and developing services, or if you explicitly request us to disclose the personal data. This section describes in detail how we share and disclose personal and non-personal data to third parties.
Situations in Which We Share Data
We may share your personal and non-personal data in the following situations:
Upon Customer’s instructions. We will solely share and disclose the Customer Data in accordance with Customer’s instructions, including any applicable terms in the Customer Terms and the use of Services functionality, and in compliance with applicable law and legal process. Please note that, if we act as a data processor, you (as a data controller) determine your own policies and practices for the sharing and disclosure of personal data, and we do not control how you or any other third parties choose to share or disclose personal data.
Displaying the Services. When you submit your personal data, it may be displayed to other users in the same or connected Platforms. For example, your email address may be displayed with your profile in the mobile applications related to the Platforms. Please consult the Help Center for more information on the functionalities of the Services.
Collaborating with others. The Platforms provide different ways for you to collaborate and communicate with others. For example, you may share your profile information with other users of the Services, subject to the policies, practices, and functionalities of the Services.
Access by authorized persons. Owners, administrators, authorized users and your other representatives and personnel may be able to access, modify or restrict access to personal data. This may include, for example, your employer using the Services features of LEARN to export logs of your activities carried out through LEARN, or accessing or modifying your profile details.
Third-party service providers and partners. We may engage third party companies or individuals as service providers or business partners to process personal data and support our business. These third parties may, for example, provide virtual computing and storage services.
Third Party Services. You may enable Third Party Services. When enabled, we may share personal data with the providers of the Third Party Services. The Third Party Services are not owned or controlled by us and third parties that have been granted access to personal data may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
Corporate Affiliates. We may share personal data with our corporate affiliates, parents and/or subsidiaries.
During a change to our business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all personal data may be shared or transferred, subject to standard confidentiality arrangements.
Aggregated or de-identified data. We may disclose or use aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as telling our prospective customers the average amount of time spent using the Services.
To comply with laws. If we receive a request for information, we may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. Please see the Data Request Policy to understand how we respond to requests to disclose personal data from government agencies and other sources.
To enforce our rights, prevent fraud, and for safety. We may use personal data to protect and defend our or third parties’ rights, property or safety, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
With consent. We may share personal data with third parties when we have your consent to do so.
Third Parties with Whom We Share Data
We take the security of personal data very seriously. We work hard to protect the personal data you provide from loss, misuse, and unauthorized access or disclosure. We implement organizational and technical information security measures to protect personal data, such as anonymization, secured networks, encryption, and limited access to your personal data by our staff. These measures take into account the sensitivity of the personal data we collect, process and store, and the current state of technology. Should a data breach occur, we will handle such a breach in accordance with our internal information security policies and the requirements set by the applicable law.
We have received internationally recognized security certifications for ISO 27001 (information security management system) and ISO 27018 (for protecting personal data in the cloud). To learn more about current practices and policies regarding the security and confidentiality of the Services, please see our Security Practices available at [insert URL of Security Practices].
Given the nature of communications and information processing technology, we cannot guarantee that the personal data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
To the extent prohibited by applicable law, we do not allow anyone younger than 16 years old to use the Services. Thus, we do not knowingly collect personal data of persons below the age of 16. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take immediate steps to delete such personal data.
International Data Transfers, Privacy Shield, and Standard Contractual Clauses
E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. For more information, including the types of personal data covered by the Privacy Shield certification, see our Privacy Shield Notice available at [insert URL of the PS notice]. To learn more about the Privacy Shield Program, please visit http://www.privacyshield.gov/welcome.
European Union Model Clauses. We offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our customers that operate in the European Union, and other international transfers of the Customer Data. A copy of our Data Processing Addendum, incorporating the Standard Contractual Clauses, is available here.
Individuals located in certain countries, including the EU, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may ask us to:
Get a copy of your personal data that we store;
Rectify inaccurate personal data;
Move your personal data to another processor;
Delete your personal data from our systems;
Object and restrict processing of your personal data;
Withdraw your consent; or
Process your complaint regarding your personal data.
You can usually exercise your rights by using the settings and tools provided through the Platforms. If you cannot use the settings and tools, please contact us by email at email@example.com and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we are able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.
Data Protection Officer
We have appointed a data protection officer (“DPO”) who is responsible for ensuring that your personal data is handled in a lawful manner. To communicate with our DPO, please email firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. If you are an individual based in the EU or Switzerland and you would like to launch a complaint about the way in which your personal data is handled by us, we kindly ask you to contact us or our DPO first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible but no later than 2 weeks. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
We have also committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.