H4 PRIVACY NOTICE
Thanks for using H4! We collect data when you use H4’s services or interact with us. Here we describe how we collect, use, and handle your personal information.
What does this notice cover?
This notice applies to H4’s online documentation platform (our “Service”), H4’s corporate website at hfour.com (the “Website”) and other interactions (for example, when we provide you with customer support) you may have with H4.
This notice does not apply to information collected and controlled by third parties, third party websites, or content or applications of third parties, including any that may be linked to or accessible from or on our Service or Website.
What information do we collect?
We collect and process the following information:
- Information you provide to us.
- Account information: We collect the information you provide to us when you do things such as sign up for your account, update your user profile, or set up two-factor authentication. This may include your name, email address, phone number, your organization, your professional role, and your profile photo.
- Interactions with us: We collect information when you interact with us, such as when you provide us with feedback or contact us for user support. This may include the date, time and reason for contacting us, transcripts of any conversations, and if you call us, your phone number and call recordings, as well as identifying details such as your name or email address.
- Marketing Preferences: We store your marketing preferences, including any consents you have given us.
- Information we collect automatically.
- Usage information: We collect information about how you use our services, such as the features you use, the actions you take, and the time, frequency and duration of your activities. For example, we log when you are using and have last used our Service, what content you view and download, and the terms you search for.
- Device and browser information: We collect information about the browsers and devices you use to access the Website and Service, such as unique identifiers, browser type and settings, device type and settings, operating system, IP address, crash reports, system activity, and the date, time, and referrer URL of your request.
- Information we collect from other sources. We may collect information about you from others, such as your organisation and those who you work with (including, where you act as an advisor, your clients and the other advisors of your clients). Such information may include, for example, information needed to complete your user profile and to provide our services to you and your organization.
How do we use this information?
We process this information for the following purposes:
- To provide our services, including ancillary services such as customer support. For example, we may display your account information to you in your user profile.
- To ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us.
- To make improvements to our services and to help us develop new ones. For example, we may make changes based on historical use and predictive models.
- To measure performance. We use data for analytics and measurement to understand how our services are used. For example, we analyze data about your use of our services to do things like optimize product design. We may also combine information collected through the Service with information about our customers collected by other means.
- To interact with you directly. For example:
- To send you service, technical and other administrative emails, messages and other types of communications, like two factor authentication and resetting your password.
- To let you know about upcoming changes or improvements to our services.
- To send you information about market trends, industry education, invitations to upcoming events, and other similar information.
- If you contact us, we’ll keep a record of your request in order to help solve any issues you might be facing or to respond to your questions or requests for information. We may also contact you to make sure your needs are being met.
- To conduct surveys and other market research to ensure our services are relevant to your needs.
- To provide insights to and prepare reports for H4’s customers and other stakeholders.
- To help improve the safety and reliability of our services. This includes detecting, preventing, or otherwise addressing fraud, abuse, security risks, or technical issues that could harm H4, our users, or the public.
- As required by any applicable law, regulation, legal process, or enforceable governmental request.
What is the legal basis for processing data?
As required by European Union law, where we process your personal data, as described above, we rely on certain legal grounds for doing so, depending on what processing we carry out and our relationship with you. These are as follows:
- as necessary to fulfill our terms of service with you or other contracts, or take steps linked to such agreements;
- as necessary to comply with our legal obligations; and
- as necessary for our (or others’) legitimate interests, including our interests in providing an innovative, personalized, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data. Examples of where we rely on our (or others’) legitimate interests includes where we use information about your use of our services to improve those services, where we process your personal data prior to your signing up for our services for the purposes of on-boarding you, where we provide information about your use of the platform to your organization and where we use your data for the purposes of securing our services.
Objecting to marketing
We may from time to time send you marketing messages via email. You have an absolute right to opt-out of receiving such messages, and to object to any profiling we carry out for direct marketing, at any time. You can do this by following the instructions in our marketing emails, or by contacting us at firstname.lastname@example.org.
Who will we share this data with, where and when
- Vendors and service providers. We will share your personal data with third party service providers who support our business, who will process it on behalf of H4 for the purposes identified above. Such third parties include providers of hosting services and technical infrastructure (e.g. Amazon Web Services), maintenance services, CRM services (e.g. Salesforce.com), customer support services, and marketing services.
- H4 group companies. We may share your information within the H4 group of companies, including Vanilr Ltd, H4 Services Inc and H4 Services DOOEL, for the purposes of providing our services to you, business administration, maintaining security and regulatory compliance, providing support services to end users (including IT support, where relevant), marketing and analytics. See the section below entitled “Which H4 entity is my data controller” for details of these companies.
- Legal reasons. We will share personal information outside of H4 if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to (i) comply with any applicable law, regulation, legal process, or enforceable governmental request, (ii) enforce applicable terms of service or other agreements, including investigation of potential violations, (iii) detect, prevent, or otherwise address fraud, abuse, security risks, or technical issues, and (iv) protect against harm to the rights, property or safety of H4, our users, or the public as required or permitted by law.
- Your organization. When you access or use our services in the course of working for your organization, we may share your information with such organization in certain circumstances, including where we respond to queries from your organization regarding your use of the platform.
- Business transfers. In the event that H4 undergoes any reorganization, restructuring, merger, sale, or other transfer of assets your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the any new owners of the business.
In connection with the purposes identified above, your personal data may be transferred outside the EEA to the USA or the Republic of Macedonia. Where information is transferred to H4 group companies in these jurisdictions, H4 has an intra-company agreement incorporating the EU Commission approved standard contractual clauses. Where information is transferred to a stakeholder, service provider or other vendor in these jurisdictions, or any country outside the EEA that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules.
Cookies and similar technologies
The Website and Service do not respond to “do-not-track” requests or similar browser settings.
Our services are not intended for children, as children are defined by applicable local law, and we do not knowingly collect or solicit personal information from children. If we learn that we have collected or received personal information from a child, we will delete that information. If you believe that we may have any personal information about a child, please contact us as provided in this notice.
What rights do I have?
The rights described in this section are applicable to you if you reside in a jurisdiction where the provision of such rights are required by the applicable data protection and privacy laws in your jurisdiction . As such, where required by applicable law or regulation, you have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share this data to another controller. If you are a registered user of our products or services, you may also review and change your personal information on your account profile page.
In addition, you can object to the processing of your personal data in some circumstances where our processing is based on the performance of a task carried out in the public interest or the processing is necessary for our or a third party’s legitimate interests.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.
For the provision of information marked as mandatory on the sign-up page when you register to use the service, if such information is not provided, then you will not be able to use the service. All other provision of your information is optional. If you do not provide such information, our provision of certain services to you may be detracted from.
How long will you retain my data?
We store data until it is no longer necessary to provide our services. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. Some personal data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time. For example:
- We will keep the account information you provide to us (such as details about your organization, your professional role, and your user photo) for as long as you remain an account holder.
- We will keep a record of the fact that you have asked us not to send you direct marketing indefinitely, so that we can respect your request in future.
- We will keep usage information and analytics data for a reasonable length of time that allows us to provide our services and to understand how people use our services.
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include security, fraud & abuse prevention, financial record-keeping, complying with legal or regulatory requirements (for example, if H4 receives a lawful subpoena), ensuring the continuity of our services, and when there have been direct communications with H4.
We try to ensure that our services protect information from accidental or malicious deletion. Because of this, there may be delays between when you delete something and when copies are deleted from our active and backup systems.
How do I get in touch with you?
If you have any questions or concerns about how we process your data, please contact us at email@example.com.
Which H4 entity is my data controller?
Any personal information provided to or gathered by H4 is controlled by Vanilr Limited (c/o 1 Finsbury Market, London, EC2A 2BN, UK), H4 Services Dooel (1732 no. 4, Lamella A Left, 1st and 2nd Floor Skopje, Macedonia) or H4 Services Inc (Unit 2511, 60 Broad St, The Bond Collective, New York, NY 10004-2306, USA). For more information on who is considered the specific data controller in connection with the collection of your personal information please contact us at firstname.lastname@example.org.
Changes to our privacy notice
We may change this privacy notice from time to time to reflect changes in the law or regulation, our information practices, our services, or our operational requirements. Depending on the type of change, we may notify you by updating this page or by email. We encourage you to periodically review this page to learn of any changes we have made.
Last modified: 25 September 2018