At HYPR, we believe that the less information we have about you, the better. We understand that when you use our Services, you are placing your trust in us to appropriately oversee your personal data. It is this trust that serves as the basis for our commitment to take a straightforward and transparent approach to data protection, and part of this approach is ensuring that you are informed about how we may collect and process your personal data. To ensure you are fully informed of our practices, we recommend that you read the entire Policy.
a. Controller (Business/Operator), Processor (Service Provider).
Certain provisions of the Policy apply only to residents of, or people subject to the laws of, jurisdictions with specific statutes governing individuals’ rights over their Personal Data, such as U.S. state laws (including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VDPA"), and developing legislation in Colorado, Connecticut, and Utah (among others)), the European Union’s General Data Protection Legislation including as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“GDPR”), and Japan’s Act on the Protection of Personal Information (“APPI,” together with CCPA, GDPR and other applicable data protection and privacy legislation, the “Data Protection Law”). These provisions are clearly labeled. Otherwise, the Policy applies to all users of our Services.
b. Personal Data. As used in this Policy, “Personal Data” means information which, either alone or when combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address, and telephone number. By contrast, “Anonymous Data” means data that, alone or combined with other information available to us or a third party with whom the data is shared, does not permit identification of an individual. We collect and use both Personal Data and Anonymous Data as described below.
c. Why We Need Personal Data? We need certain Personal Data to provide the Services. You will be asked to provide this information — and must agree to this Policy and the Terms —to download and use the Apps. You are not required to provide the Personal Data that we request, but we may not be able to provide you with the Services or respond to your inquiries if you don’t.
INFORMATION WE MAY COLLECT ABOUT YOU
Over the course of the last twelve (12) months, we collect information in the following ways:
a. Information You Provide.
- Contact and Registration Data. We collect contact and professional data about you through communications and through our Services. For example, you provide your contact information to us when you sign up to learn more about our Services, download content, register for an event, and visit our offices. Typically, contact data includes your name and contact methods, such as telephone number, email address, and mailing address, and registration data includes the business name and mailing address, administrator contact information, and may include an end user’s business email address or other information (e.g.,biometrical data) provided to authenticate an end user’s access to an App.
- Contract and Payment Data. We may receive contract details (like signatures) from you or your organization and use third-party payment processing services to collect payment and billing information, which may contain Personal Data such as billing name, billing address and payment card details, in connection with our Services.
- Biographical and Support-related Data.We may also collect biographical and support-related Personal Data from you via our help center and other customer support portals. For example, when you participate in interactive features, trainings, online surveys, contests, promotions, sweepstakes, activities, or events, we may ask you to provide a biographical information, such as your name, occupation, organization name, and areas of expertise. You may also be asked to provide contact information, a summary of the problem you are experiencing, and any other information that would be helpful in resolving a customer support request.
- Feedback. If you provide us with Feedback, including reviews posted on App Stores, or suggestions made via direct research or outreach, we may use Personal Data provided in connection with the Feedback in order to respond to you. We may use Feedback without limitation as described in the Terms.
- Job Applicant Data.You provide your contact and professional information, including your resume with educational and work background, when you apply for a job with us. You may also provide us with sensitive information, like your Social Security Number or other government identifier, racial or ethnic origin, or other such Personal Data in connection with your job application.
- Audio, Electronic, or Visual Data.If you attend a HYPR event, we may record that event, take photos at the event, and interview you at the event. We use this information for business and marketing purposes to better inform the public about HYPR and provide testimonials about our Services.
- Other Data. We may also collect other types of information in the manner disclosed by us when the information is collected.
b. Data Collected by Technology.
- Usage Data. Like many services, we use logs to collect data about the use of the Services (for example, use of features and interactions with the Apps and the Site) in order to provide and improve the Services (“Usage Data”). Usage Data is kept logically separated from Personal Data. Certain HYPR personnel can access Usage Data to analyze the use of the Services and provide user and technical support. Usage Data is also used to automatically send context-appropriate messaging within the Services ( e.g., account set-up notices), and to generate Aggregated Data.
- Aggregated Data. We derive information about the use of our Services by aggregating Usage Data ( e.g., most popular features). This “Aggregated Data” is Anonymous Data, is owned by us, and is primarily used to help analyze and improve the Services.
- Social Media Platforms. Our Site may use social media features, such as the Facebook “like” button, the Instagram “heart” button, Twitter sharing features, and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on our Site to a profile page of yours that is provided by a third-party social media network in order to share content with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our Site. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our Site, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our Site with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the respective companies that provide the relevant Social Media Features.
c. Data obtained from Third Parties.We receive information about users from our service providers (such as when validating an account with a payment processor) or from your employer, from publicly available sources like social media accounts, and from data providers such as marketing partners and researchers, where they are legally allowed to share your Information with us.
HOW DOES HYPR USE YOUR PERSONAL DATA?
We use Personal Data to provide and promote the Services and respond to your requests, including to:
- Establish, maintain, and secure your account.
- Identify you as a user and provide the Services you request.
- Perform fraud detection and authentication.
- Measure traffic and usage activity to improve the Services and your interactions with them.
- Send you administrative notifications via email or within the Services, such as payment reminders or support and maintenance advisories. You will receive these notices even if you choose not to receive marketing communications.
- Provide you with the correct interfaces and options when you are accessing the Services.
- Provide personalized information across the Services by identifying whether you have used specific features within the Services, visited pages on our Site, or seen one of our advertisements.
- Respond to customer support inquiries and other requests.
- Promote the Services or send you other HYPR marketing information (if you opt-in to receive marketing communications when creating an account or afterwards).
- Manage advertising efforts on third-party sites and platforms as further described below.
We do not use your Personal Data for automated decision-making.
If your Personal Data is processed subject to the GDPR, our legal basis for processing your Personal Data will be the following:
b. Contractual Compliance.To comply with a contractual obligation (for example, establishing and securing your account and using your contact information to facilitate payment for the Services). We will advise you upon collection whether the provision of your information is mandatory and of the possible consequences if you do not provide us with your information.
c. Legal Compliance.For compliance with our legal obligations where other laws require the processing of your information (for example, fraud detection and authentication, health and safety, taxation and anti-money laundering laws) or where we need your information to protect your vital interests or those of another person.
d. Legitimate Interests.Our (and our service providers) legitimate interests which include the provision of the Services, and/or the carrying out of marketing and profiling activities, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms.
HOW DOES HYPR SHARE PERSONAL DATA?
HYPR does not sell your Personal Data (as “sell” is normally defined – see the YOUR PRIVACY RIGHTS section for information about “sales” as defined in California) or use it except as stated in this Policy. We share your Personal Data in the following circumstances:
- Third Parties You Designate. We may share Personal Data with third parties where you have instructed us to do so ( e.g., by using the Services’ “sharing” or “emergency contact” features). While this data is transferred through our servers, we do not have access to it, as noted elsewhere in this Policy.
- Service Providers. We provide Personal Data to service providers solely as required to provide the Services, including to create accounts, provide technical support, process payments, or enable communication between you and HYPR. We review the security and data privacy practices of these service providers to ensure that they comply with applicable laws and this Policy.
- Marketing. We provide hashed or deidentified IP addresses and device IDs to service providers to optimize our advertising efforts.
- Administrators. Administrators of the Services within your organization can see the email addresses used to access the plan and certain Usage Data.
- Corporate Restructuring. If HYPR or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data we hold at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with any such transaction (including in advance of such transaction as part of due diligence). Personal Data and other information may also be transferred as a business asset in the event of HYPR’s insolvency, bankruptcy, or receivership or if HYPR undergoes a restructuring or business reorganization.
- Other Disclosures. We will inform you of any other disclosures or your Personal Data, and obtain your consent, prior to such disclosure. However, regardless of your choices regarding Personal Data, HYPR may disclose your Personal Data (a) where required to comply with law enforcement directives, applicable laws or governmental orders; or (b) if we believe in good faith that doing so is necessary to protect our rights, those of other users, or the Services.
Our Services are not directed to, and we do not intend to or knowingly collect Personal Data online from, children under the age of majority in the countries where the Services are accessed and used. If you are under the age of majority in your country, do not provide us with any Personal Data either directly, on any website forums, or by other means.
If you learn that a child has accessed or used the Services without parental permission, please contact us as set forth in the Contact Us section below.
DATA SECURITY AND RETENTION.
a. Data Security.We use robust physical, organizational, technical, and administrative measures to safeguard all data we hold or process, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of data in our control. If you believe your data may have been compromised by us or the use of the Services, please contact us immediately. As to our Apps, please review our Security FAQ .
b. Data Retention. We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation). Please review our Data Retention Policy for more information.
YOUR INFORMATION CHOICES
a. Direct Email Marketing . If you wish to withdraw from direct email marketing communications from us, you may click the “unsubscribe” button included in our emails. Please note, you cannot unsubscribe from critical transactional emails that are related to our provision of our Services (such as those related to security).
b. Analytics.To opt-out of analytics on our Site, you may adjust your cookie preferences as described below. For more information on how to opt-out of tracking technology from Google Analytics, click here. To opt-out of HubSpot’s tracking technology, click here.
c. Applications. You can stop all collection of information by an App by uninstalling that App. You may use the standard uninstall process available as part of your desktop or mobile device or via the mobile application marketplace or network. Uninstalling an App does not delete your Account. To do that, please contact us at firstname.lastname@example.org.
e. Device Settings.Most devices provide users with the ability to change device permissions (e.g.,disable/access location services, contacts). For most devices, these controls are located in the device's settings menu. If you have questions about how to change your device permissions, we recommend you contact your mobile service carrier or your device manufacturer as different devices may have different permission settings. Please note that certain functionality of the Services may be impaired or limited depending on your device settings.
YOUR PRIVACY RIGHTS
a. Generally.You may withdraw your consent to our processing of your Personal Data, in whole or in part ( i.e., for marketing purposes). Certain Services may be ineffective upon opt out.
b. European Economic Area (“EEA”).It you are located in the EEA or the United Kingdom, the following provisions apply:
- Processing Purposes. Our legal basis for collecting, using, and processing your Personal Data is contained in the HOW DOES HYPR USE YOUR PERSONAL DATA section above.
- Your Rights. Where the collection or processing of your information is subject to the GDPR, you have the following data subject rights. Please note that these rights are not absolute and in certain cases are subject to conditions as specified in applicable law:
- Access. You have the right to request information about how we process your Personal Data and to obtain a copy of that Personal Data.
- Rectification. You have the right to request the rectification of inaccurate information about you and for any incomplete information about you to be completed.
- Objection. You have the right to object to the processing of your Personal Data, which is based on our legitimate interests (as described above).
- Erasure. You have the right to request the erasure of your Personal Data (subject to certain conditions).
- Automated decision-making. You have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
- Restriction. You have the right to ask us to restrict our processing of your Personal Data, so that we no longer process that Personal Data until the restriction is lifted.
- Portability. You have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that Personal Data transmitted to another organization in certain circumstances.
- Complaint.In addition to the above, you have the right to lodge a complaint with a supervisory authority (a list of which is available here) if you consider that our processing of your Personal Data infringes applicable Data Protection Law.
- Personal Data Transfers. Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA or UK. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission or UK Secretary of State (as described in Article 46 of the GDPR), or we will ask you for your prior consent to such international data transfers. By using the Services, you acknowledge the transfer, storing and/or processing of your data in accordance with this Policy.
c. California Residents.If you reside in the State of California, the CCPA provides you with specific rights regarding your Personal Data. This section describes those rights and how to exercise them.
- Right to Make a Request Under the CCPA. You have the right to request that we disclose certain information to you regarding our collection, use, and disclosure of your Personal Data over the past 12 months, including the categories and specific pieces of Personal Data we possess, the categories of sources of the Personal Data, the business or commercial purpose for collecting the Personal Data, and the categories of third parties with whom we share or sell the information, and the specific pieces of Personal Data we have collected about you. Upon verified request, we will respond to your request for such information. You also have a right to request that we delete your Personal Data. Please note that, in certain cases, we deny a request to delete your Personal Data if we have a legal basis to do so. For example, we may retain certain information for the reasons stated under the HOW DOES HYPR USE YOUR PERSONAL DATA heading above.
- Who May Make a Request? You may make a request on behalf of yourself or you may authorize an agent who is registered with the Secretary of State for the State of California to act on your behalf. You may also make a request on behalf of your minor child.
- Right to Non-Discrimination for Exercise of Consumer’s Privacy Rights . We will not discriminate against individual for exercising their rights under the CCPA.
d. Instructions for Submitting a Verifiable Consumer Request. If you wish to exercise any of these rights, please submit the request by emailing us at email@example.com, or write us at the address below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only fulfil requests with respect to the Personal Data associated with the email address you send your request from, and we will need to verify your identity before doing so. We will comply with your request promptly, but in any event within the legally mandated timeframes (thirty (30) days for the GDPR and forty-five (45) days for the CCPA). We may need to retain certain information for recordkeeping purposes or to complete transactions that you began prior to requesting such change or deletion.
e. Process Used to Verify a Consumer Request. We will verify all requests by contacting you using contact information retained in our systems. If our information does not allow us to contact you, then we will verify your identity by asking you to confirm the data we have in our system. We cannot respond to requests that cannot be verified.
CHANGES TO THIS POLICY
CONTACT INFORMATION; COMPLAINTS
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations, please email firstname.lastname@example.org, or write the address below:
1001 Avenue of the Americas, 10th Floor
New York, NY 10018