Privacy Policy | Huddle

Privacy Policy

@: Privacy Policy

Last Updated: JUNE 11TH 2018

About Us

We are Ninian Solutions Limited (t/a Huddle) whose registered offices are 2nd Floor, Aldgate Tower, 2 Leman Street, London, E1 8FA, UK.  Any references in this Policy to “Huddle“, “we”, “our”, “us” etc. will be interpreted as a reference to us.  Our contact details can be found below under “Contacting us and making a complaint”.

This policy, together with our Subscriber Agreement for Huddle Services http://www.huddle.com/subscriber-agreement/, our Master Services Agreement and our End User License Agreement (“Terms of Use”) http://www.huddle.com/terms-of-use and any other documents referred to in them, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.

Huddle’s Controller and Processor Responsibilities

Huddle processes your personal data in several ways, depending on how you interact with us and/or our customers.

  • We process personal data when you visit our main website (www.huddle.com). Huddle is the Data Controller for this personal data.
  • We process personal data about prospective customers of Huddle. Huddle is the Data Controller for this personal data.
  • We process personal data about our existing customers, such as contact information about key users. Huddle is the Data Controller of this data.
  • We process personal data which may be contained within the content uploaded by our customers, such as files, comments and other collaboration material. Huddle is the Data Processor for this personal data.
  • We process Personal Data when you use our applications (huddle.net and us.huddle.com and sub-domains) and associated tools/services, such as User Profile data you provide during registration or when updating your details via the applications. In most cases Huddle is the Data Processor and the Customer is the Data Controller of this Personal Data, however in such cases where you are a member of multiple Customer accounts Huddle will be the Data Controller for this personal data.

Huddle is a data processor in relation to, and does not control, the content uploaded by Users to our platform. As such, we shall keep your Personal Data for as long as determined by the relevant data controller customer. Should you wish to remove your Personal Data from within customer content, you should contact the relevant customer, who is responsible for giving effect to your rights in relation to Personal Data, including the right of access and erasure.

Changes to our Privacy Policy

We may modify this Policy from time to time. If we make any changes to this Policy, we will change the “last updated” date above. We encourage you to check this Policy whenever you use our Sites and Services to understand how your personal information is used. We will notify you by email when the Privacy Policy changes, unless you choose to opt out of Privacy Policy notifications.

Information we may collect and otherwise process

We may collect and otherwise process the following data about you:

  • We collect information when you complete forms on our websites (huddle.com, huddle.net, these Services can also be accessed using a custom domain name e.g. myaccount.huddle.net, myaccount.huddle.com) – “our sites” – including when registering to use our Sites or subscribing to our Services or updating your profile. The information we may collect about you includes, your name and email address; your title, company and other profile information you provide as well as aggregate information about your use of the features of the Services we provide to you such as the number of times you upload/download files and documents.
  • Information that you provide to us by completing surveys on our site or as carried out by our approved third parties.
  • If you contact us for customer or technical support, we may keep a record of that correspondence or conversation.
  • Information we receive from third-party search engines such as but not limited to Google, Yahoo and Microsoft (Bing and MSN) relating to your search activity.
  • Details of your visits to our site including, but not limited to, traffic data, location data, IP addresses, weblogs and other communication data and the resources that you access.

On registration with Huddle or when completing forms on our Sites, Huddle does not require nor ask for sensitive personal data such as – General medical information, race/ethnicity, gender, political opinions or sexuality. Where you believe you have either submitted or been asked to provide this information as part of registration or completion of forms, you are to contact privacy@huddle.com to have this information deleted or removed from our records.

Most of the information comes directly from you, but we may obtain information from third parties, e.g. your employer when you are asked to register as a user of our Services.

Huddle receives Business-to-Business (B2B) marketing lists from trusted partners for the purpose of contacting new prospects. For details, contact privacy@huddle.com

Uses made of your information

Huddle may use the information on you in the following ways:

For the purpose of legitimate interests being pursued by us in relation to the Services that we provide.  For example, we will use your information to:

  • provide our Services and features to you, to measure and improve those services and features
  • provide you with customer and technical support through Customer Relationship Management systems
  • contact you with any service-related announcements from time to time
  • ensure that content from our Sites are presented in the most effective manner for you and for your computer
  • detect and prevent fraud or malicious use

Where it is necessary for the performance of a contract with you.

  • To provide marketing information to you in relation to our Services and to provide you with advertisements concerning our products and services through our Third-Party Partners Programme (see Third-Party Partners programme below for more details) where you have given your consent, or we are otherwise legally entitled to do so and it is in our legitimate interests to provide such information to you; if you do not wish to be contacted in this way, you can use the “unsubscribe” option in communications sent to you or send us an email at privacy@huddle.com.
  • In order to comply with any legal obligation that we have, in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights.

Where we have relied on our legitimate interests to process your personal data, you may contact us to obtain more information, including in relation to our assessment of the impact on you.

Information we collect may be stored and processed in and transferred between any Huddle offices for the purpose of account management and our customer success program but is performed strictly in accordance with this privacy policy.

Cookies, Web Beacons and IP addresses

We may collect information about your computer, including where available your IP address, operating system, browser type, for system administration and to report aggregate information which helps us improve the service. This is statistical data about our users’ browsing actions and patterns and is not used for marketing purposes.

Cookies

We use Cookies which are information packets sent by web servers to web browsers and stored by the web browsers. The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers. There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date. Cookies contain information that is transferred to your computer’s hard drive. We use Cookies to help us to improve our site and to deliver a better and more personalised service.

We use the following cookies within our Services:

 
Type name domain explanation

Session

sectok

huddle.net

This is a security ID used by the Huddle service to perform anti-XSRF to ensure that the source of the data/content being submitted is what it should be. This safeguards the integrity of our customer’s data/content stored within Huddle.

Session

JSESSIONID

newrelic.com

New Relic provides infrastructure management services to Huddle. It allows us to understand the capacity requirements of our customers. All customer information sent to New Relic is anonymized.

Session

auth_token

huddle.net

huddle.com

Huddle’s utilises OAUTH (used by many large and secure websites) to verify and maintain customer’s sessions for the duration of their usage on our service

Persistent

ajs_user_id

huddle.net

huddle.com

Segment.io allows Huddle to plugin behavioural and functionality by trusted; and risk assessed third-party providers. This cookie allows Huddle to follow the events that a user is performing.

Persistent

ajs_group_id

huddle.net

huddle.com

Segment.io allows Huddle to plugin behavioural and functionality by trusted; and risk assessed third-party providers. This cookie allows Huddle to follow the events that a user is performing.

Persistent

ajs_anonymous_id

huddle.net

huddle.com

Segment.io allows Huddle to plugin behavioural and functionality by trusted; and risk assessed third-party providers. This cookie allows Huddle to follow the events that a user is performing.

Persistent

_utma

_utmb

_utmz

google.com

These functional cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Session

_utm14

google.com

These functional cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Persistent

Pref

youtube.com

Google stores language preferences and user selection of ‘SafeSearch’ in this cookie for all our embedded videos used on the www site. Customer created video content is only stored on Huddle’s servers.

Persistent

VISITOR_INFO1_LIVE

youtube.com

We use YouTube to embed videos on our blog and www sites. However, if the ‘Share’ button is clicked YouTube will set these two cookies. The VISITOR_INFO1_LIVE cookie attempts to estimate your bandwidth. These cookies don’t gather information that identifies a user.

Session

YSC

youtube.com

Used by Google for Google Maps preferences on our contact us page.

Persistent

rmbMe

huddle.net

huddle.com

Used to pre-populate login page with a username.

Persistent

Settings

huddle.net

huddle.com

Indicates user preference for single or multiple file uploader

Persistent

New Dashboard

huddle.net

us.huddle.com

Indicates user preference for new or old Dashboard design

 

     

 

Refusing Cookies

You may refuse to accept our cookies by activating the functionality on your browser which allows you to refuse the setting of cookies. However, if you enable this functionality, this may adversely affect your user experience of our sites.

Web Beacons

We use Web Beacons – sometimes called single-pixel gifs – which allow the Sites to collect web log information. A web beacon is a graphic on a web page or in an email message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of more of our Sites by the computer which hosts our website (webserver). The webserver automatically recognises some information, such as the date/time you visited our site, the pages you visited, the website you came from, the type of browser you are using (e.g. Chrome, Firefox, Internet Explorer), the allocated Internet Service Provider DNS (domain name service) and the Internet Protocol (IP) addresses. We may also include web beacons in promotional emails to determine whether messages have been opened. Web beacons may also be used to deliver cookies.

IP Addresses

Our Sites use Internet Protocol (IP) addresses. IP addresses are assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. It is possible that the IP address we collect or even a cookie we might use may contain information that could be deemed personal information. We use your IP address to report aggregate information on usage and to help improve our Sites.

Areas of our Sites that collect your information use industry standard Transport Layer Security encryption (TLS); you must utilise a modern, up-to-date browser to take advantage of the higher levels of encryption that are supported.

Third-Party Partners Programme

When you visit our site, we place a cookie file on your hard drive of your computer so that our advertising partners can recognize you when you visit their websites. We do this so that our advertising partners can show you advertisements relating to our products and services when you visit their website.

You may opt out of receiving our advertisements through our advertising partners by:

  • Adjusting your browser setting to refuse the setting of cookies or by clearing your cookies. Please refer to your browser help resource to describe how to do this.

Our Sites will issue cookies when you visit our site again.

Third-party websites

We are not responsible for the privacy policies or practices of third-party websites.

Marketing communications and opting-out

We will provide you with information concerning our products or Services that you request from us or which we feel may interest you by email unless you have opted-out of receiving this information.

You may at any time opt-out of receiving this information by clicking on the opt-out link in the footer of a marketing email you have received or by sending us an email at privacy@huddle.com

Opt-out requests will not apply where Huddle sends you a notice regarding the status of service, upgrades to platform, additional features, security alerts, quality surveys or any notice pertinent to your service and account.

How you can access, change or remove your personal information, and other rights

You understand that by accepting an invitation into Huddle, those who are in a workspace with you will be able to identify you by your Huddle profile.

You may view, change, or remove your profile information displayed through our site at any time by going to your profile and editing your information.

You have the following rights regarding your information:

Right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this policy.

Right of access 

You have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this Privacy Policy). 

Right to rectification 

You are entitled to have your information corrected if it is inaccurate or incomplete. 

Right to erasure 

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it.  This is not a general right to erasure; there are exceptions. 

Right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. 

Right to data portability

You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.

Right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). 

Right to object to processing

In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests grounds (including processing for direct marketing).

For more information on your rights or to exercise any of these rights at any time, you can contact us by email at privacy@huddle.com or by post at address:

Head of Information Security (Privacy Dept.)
Huddle
2nd Floor, Aldgate Tower
2 Leman Street
London, E1 8FA

Account deactivation

If you want to stop using your account, you may deactivate it. When you deactivate an account, you will not be able to use our Sites or Services, and your information will not be capable of being viewed through our sites. However, even after you deactivate your account, copies of your information, including but not limited to name and email address may be retained by us for legal and compliance reasons.

Security and management of your personal information

All information relating to you is stored on secure servers operated by us or our third-party providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone including employees of Huddle.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Huddle’s Information Security Management is 3rd party ISO 27001:2013 certified by BSI. We will take all reasonable technical and organisational precautions to prevent loss or misuse of your personal information. your information is stored on protected servers and transmission of data is encrypted. Huddle stores and processes your information for as long as required and removes when no longer needed or upon your request. Safeguards using appropriate technical and organizational measures to minimise the risk of accidental loss, unlawful processing, destruction or damage have been implemented. Huddle will endeavour to ensure your information is accurate, adequate, limited to what is necessary for concerning the purpose for which it is being processed, kept up to date and erased or rectified without undue delay. You acknowledge that the transmission of information over the Internet is inherently insecure and we cannot guarantee the security of data that is sent over the internet. We have implemented security capability including encryption where applicable in all transmission of data.  You are responsible for the safe storage of your access credentials to our Services.

Children aged 16 or under are not permitted to utilise the Sites and Services without parental or guardian consent.

Disclosure of your information

We may disclose your personal information to any of our employees, officers or agents within Huddle which means our subsidiaries in so far as reasonably necessary for the purposes set out in this privacy policy.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we or substantially all of our assets are acquired by a third-party, in which case personal data held by us will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data to comply with any on-going or prospective legal proceedings, new legal obligations, or to enforce or apply our Subscriber Agreement or Terms of Use. This includes local and federal/national law enforcement, relevant public authorities, and regulatory bodies such as but not limited to the Federal Trade Commission (FTC).
  • To establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Huddle may use trusted third parties to assist in the delivery, provision, analysis and improvement of the Services including but not limited to data storage, maintenance services, database management, analytics, payment processing, Customer Relationship Management services/systems and improvement to the Services features.  This includes Huddle’s affiliate in the USA, Huddle Inc.

Huddle’s trusted third parties utilise your personal data for the following business purposes:

  • Support services
  • Customer relationship management services
  • Financial management services
  • Communication management services
  • Digital signature service.

All onward transfers of data to trusted third parties will be completed under a written contract with terms that include that:

  • Data will only be processed for limited and specified purposes; and
  • Data will be protected using appropriate technical and organizational security measures.

If it is determined that a third party can no longer meet its obligations under the contract with us, the third-party provider is contractually obligated to notify us.

Where we store your data

The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”).  It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. Such staff maybe engaged in, among other things, the provision of CRM services, marketing campaigns, and support services on our behalf.  The countries to which your personal data are transferred are: United States of America.

We ensure that your data is protected in these countries by ensuring there are adequate safeguards in accordance with applicable law.  This can include requiring the recipient of your data to enter into standard contractual clauses that have been approved by the European Commission.  If you would like further information on the use of these clauses, you can contact us using the details set out at the end of this privacy policy or click on the following link.

Your personal data may be transferred outside the EEA to Huddle Inc in the USA.  Huddle Inc complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Huddle Inc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

In the context of onward transfers of your personal data, Huddle Inc shall remain liable under the Privacy Shield Principles if any agent to whom Huddle Inc. has transferred your personal data processes such personal data in a manner inconsistent with the Privacy Shield Principles, unless Huddle Inc. proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Huddle Inc commits to resolve complaints about our collection or use of your personal information.  Individuals have the possibility, under certain conditions, to invoke binding attribution to swiftly and with minimal cost resolve complaints. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Huddle Inc at privacy@huddle.com or our postal address:

Head of Information Security (Privacy Dept.)
Huddle
2nd Floor, Aldgate Tower
2 Leman Street
London, E1 8FA

Huddle Inc has further committed to cooperate with EU Data Protection Authorities (DPAs) with regard to unresolved Privacy Shield complaints.  If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint.  The services of EU DPAs are provided at no cost to you.

How long we will keep your information

We only keep your information for as long as is reasonably necessary for the purposes set out in this privacy policy and to fulfil our legal obligations. 

In summary, however, we keep:

  • User Profile information for the duration of the contract of any Customer accounts of which you are a member, and 1 year thereafter, or until such time as you request it to be removed
  • Financial information for 7 years to meet our legal obligations for accounting and tax reporting
  • Customer account-related information for the term of the agreement plus 7 years, and beyond this period if it is required to enforce or defend a claim against Huddle that has been made under the Subscription Agreement
  • Security-related information, such as log data, for a minimum of 1 year to meet our security compliance obligations

We will securely erase your information in advance of these deadlines if we decide that we no longer need it.

Contacting us and making a complaint

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to either: privacy@huddle.com, or

Head of Information Security (Privacy Dept.)
Huddle
2nd Floor, Aldgate Tower
2 Leman Street, London
E1 8FA

If you are not satisfied with our response or you believe our use of your information does not comply with data protection law, you can make a complaint to the relevant privacy regulator.  In the UK, that is the Information Commissioner – see www.ico.org.uk for more information.

 

 


Request Demo
trillatron