EFFECTIVE DATE: DECEMBER 31, 2019 (V. 4)
• The information we collect about you
• How we use the information we collect
• Who we give your information to
• Control of your information
• Your access to your information and how long we keep it
• How we protect your information
• Where we store your information
• Links to other websites
• Information about our participation in Privacy Shield
• Payment processing
• California Resident Privacy Rights
• Information about enforcement and dispute resolution
• Contact us
European Economic Area Data Subject Rights:
If you are a resident of the European Economic Area, the following definitions apply to your data. When you access our Website and view information about us and our technology, communicate with us, download whitepapers, and register for events etc, we are the data controller.
• your employer is the data controller with respect to the user information it provides to us. This information typically includes first name, last name, and business email address. Where your employer is the data controller in this way, we act as a data processor under data protection laws, meaning we use the information to provide a service to your employer.
• Haystack is the data controller for information provided directly by you or as a result of interacting with the Platform, including assessment data, a secondary email address, additional profile details such as job title, personal website URL, a short bio, social platform handles, and demographic information such as your gender, year of birth, and your work industry. To be clear, none of these additional profile details are required to utilize our Site, but we can offer you an enhanced experience if you provide it.
THE INFORMATION WE COLLECT ABOUT YOU
We value your trust. In order to honor that trust, Haystack adheres to ethical standards in gathering, using, and safeguarding any information you provide.
We collect and process the following personal information from you:
INFORMATION YOU GIVE TO US:
INFORMATION WE COLLECT ABOUT YOU FROM YOUR USE OF OUR SITE:
We will automatically collect information from you each time you visit our Site. This includes technical information, information about your visit, and information about your activity on our Site such as courses searched and viewed, page response times, download errors, length of visit to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), methods to browse to and away from a page, and methods used to contact our sales and support teams. Technical information may also include the Internet protocol address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating systems, and device platform.
INFORMATION WE RECEIVE FROM OTHER SOURCES:
This is information we receive about you from third parties that we work closely with to provide, promote, and improve our services. These third parties include business partners, vendors who assist in technical and payment services, advertising networks, analytics providers, and search information providers.
HOW WE USE THE INFORMATION WE COLLECT
INFORMATION YOU GIVE TO US:
We also use your personal information together with other personally non-identifiable information to help us better understand our users, to personalize and improve your experience with our Site, and to improve the content and functionality of our Site. This may include providing information about our goods and services that we feel may interest you and enhance your interaction with our Site. We will communicate with you about these goods and services via email, direct mail, telephone, or on our Site.These communications may include newsletters, promotional emails, product updates, or market research requests. We will use your information for this purpose only if you have given your consent to receive marketing material from us at the point we collected your information, where required by law, or otherwise in our legitimate interests, provided these interests do not override your right to object to such communications.
INFORMATION WE COLLECT ABOUT YOU FROM YOUR USE OF OUR SITE:
We will use this information in our legitimate interests (where we have considered these are not overridden by your rights), to administer our Site, and for internal operations, including trouble shooting, data analysis, testing, research, and statistical survey purposes. We will also use this information to keep our Site safe and secure, for measuring the effectiveness of how we present content and how we market and advertise. We use Internet protocol addresses and non-personally identifiable information in our log files to analyze trends, to administer our Site, to track users’ movements in and around our Site, and to gather demographic information about our user base as a whole. We also utilize unstructured machine learning technologies to understand user behaviors and to provide user-specific recommendations and other personalization of our Site experience.
INFORMATION WE RECEIVE FROM OTHER SOURCES:
We will combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
WHO WE GIVE YOUR INFORMATION TO
We consider your personal information to be a vital part of our relationship with you and do not sell your personal information to third parties. There are, however, certain circumstances in which we may share your personal information with certain third parties, as follows:
AGENTS, CONSULTANTS AND RELATED THIRD PARTIES:
We sometimes hire other companies to perform certain business-related functions, such as sending email on our behalf, payment processing, or conducting market research. We also share your email address with third parties, such as Facebook, LinkedIn, and Twitter in order to provide custom marketing materials for you on their platforms. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function. These companies are not permitted to use any personal information that we share with them for any other purpose aside from providing services to us.
BUSINESS PLANS AND COMPANY PARTNERSHIP SUBSCRIPTIONS:
As we develop our business, we might sell or buy businesses or assets. Your personal information maybe transferred to a buyer or other successor in the event of a corporate sale, merger, reorganization, dissolution, or similar event in which personal information held by us about our Site users is among the assets transferred.
In certain situations, Haystack may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order, or similar legal process served on us or our Site.We will take reasonable steps to ensure that we only collect that personal information that is relevant for the purposes for which it is to be used. Furthermore, we will not process your personal information in away that is incompatible with these purposes.
CONTROL OF YOUR INFORMATION
YOUR ACCESS TO YOUR INFORMATION AND HOW LONG WE KEEP IT
Upon request, Haystack will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at firstname.lastname@example.org.
We will provide you with the means to ensure that your personal information is correct and current. If you have registered to use the Platform, we will provide a way for you to access and change your profile on our Platform. We will also allow you to completely delete your profile along with all personal information associated with that profile, although this option may significantly degrade your experience with our Platform. You may request deletion by accessing your profile and clicking on the link available there. Alternatively, you may contact us at email@example.com.
We will respond to your request within a reasonable timeframe. Requesting deletion of your account means your personal information is permanently deleted and cannot be retrieved.
If you would like to view your personal information that we hold at any time, you may access your profile from our Site.
We retain your information while your account is active or as needed to provide you services. Thereafter, we may retain certain personal information indefinitely as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain aggregate information for research purposes and to help us develop and improve our Site and services.
HOW WE PROTECT YOUR INFORMATION
The security of your personal information is important to us. When you enter sensitive information (such asa credit card number) on our checkout page, your information is sent over an authenticated and encrypted connection using Transport Layer Security (TLS).
We store your personal information only on servers with limited access that are located in controlled facilities and use a variety of technologies and procedures intended to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Nonetheless, no communication via the Internet can ever be 100% secure, and no security measures can ever be assured to be effective. Accordingly, you are advised to use caution and discretion when determining what personal information to disclose to us.
If you have any questions about security on our Site, contact us as follows:
WHERE WE STORE YOUR INFORMATION
The data that we collect from you is transferred to, and stored at, a destination in the United States. Haystack participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the SwissU.S. Privacy Shield Framework. For more information on Haystack’s participation in EU-U.S. Privacy ShieldFramework and the Swiss-U.S. Privacy Shield Framework, please see below.
Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that. We also give you information about how to disable cookies in the table below. However, you may not be able to take full advantage of our Site if you do so.
A number of cookies we use last only while you are on our Site and expire when you close your browser or exit our Site Others are used to remember you when you return to our Site and will last for longer. We use these cookies on the basis that they are necessary for the performance of a contract with you, or because using the mis in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use.
We use the following types of cookies:
STRICTLY NECESSARY COOKIES: These are cookies that are required for the operation of our website and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
ANALYTICAL/PERFORMANCE COOKIES: They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us for our legitimate interests of improving the way our website works, for example, by ensuring that users are finding what they are looking for easily.
FUNCTIONALITY COOKIES: These are used to recognize you when you return to our website. This enables us, subject to your choices and preferences, to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).
TARGETING COOKIES: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information subject to your choices and preferences to make our Site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
We may also work with advertising networks that gather information about the content on our Site you visit and on information on other websites and services you visit.
This may result in you seeing advertisements on our Site or our advertisements when you visit other websites and services of third parties. For more information about how to turn this feature off, see below or visit https://preferencesmgr.truste.com and learn more about opting out of targeted ads. There you will find links for resources specifically for citizens of the United States, Canada, and the European Union.
DISABLING COOKIES: The effect of disabling cookies depends on which cookies you disable but, in general, our Site may not operate properly if all cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our Site. If you disable all cookies, you will be unable to complete a purchase on our Site.
If you want to disable cookies on our Site, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below:
FOR MICROSOFT INTERNET EXPLORER:
• Choose the menu “tools” then “Internet Options”
• Click on the “privacy” tab
• Select the setting the appropriate setting
FOR GOOGLE CHROME:
• Choose Settings> Advanced
• Under “Privacy and security,” click “Content settings”.
• Click “Cookies”FOR SAFARI:
• Choose Preferences > Privacy
• Click on “Remove all Website Data”
FOR MOZILLA FIREFOX:
• Choose the menu “tools” then “Options”
• Click on the icon “privacy”
• Find the menu “cookie” and select the relevant options
FOR OPERA 6.0 AND FURTHER:
• Choose the menu Files”> “Preferences”
Except for essential cookies, all cookies used on our Site will expire after two years.
LINKS TO OTHER WEBSITES
CALIFORNIA RESIDENT PRIVACY RIGHTS
Under California law, California residents are entitled to certain privacy rights concerning their personal information. If you are a California resident, you have the right to ask us for a notice identifying the categories of your personal information that we shared with third parties for their direct marketing purposes in the previous twelve (12) months. You may make this request twice a year, free of charge; see the “Contact Us”section below for details on where to send such requests. You will need to provide information that will allow us to verify your identity to ensure continued protection of your personal information. We do not share personal information with third parties for their direct marketing purposes without your consent, which may be withheld or withdrawn at any time.
INFORMATION ABOUT OUR PARTICIPATION IN PRIVACY SHIELD
Haystack participates in and has certified its compliance with the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks. We are committed to subjecting all information received from the European Union (“EU”), theUnited Kingdom (“UK”), the European Economic Area and Switzerland which constitutes “personal data”subject to the EU’s, the UK, and Switzerland’s privacy laws (“EU, UK, and Swiss Personal Data”), in reliance onPrivacy Shield, to the applicable Privacy Shield Principles. To learn more about Privacy Shield and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List (https://www.privacyshield.gov/list). Our compliance with applicable Privacy Shield Principles is further described as follows:
COLLECTION AND USE; PURPOSE. Haystack collects and uses EU, UK, and Swiss Personal Data as described in the sections above about how we collect and use personal information.
THIRD PARTY DISCLOSURE. We may disclose EU, UK, and Swiss Personal Data as described in the sections above about how and when we disclose personal information.
SECURITY. Haystack protects the security of EU, UK, and Swiss Personal Data during transfer and storage as described in the sections above about how we protect personal information.
ONWARD TRANSFER. Where Haystack transfers personal data from the EU, UK, or Switzerland, we do so under the Privacy Shield framework. Haystack maintains contracts with third parties who acton behalf of Haystack and to whom we transfer personal data that restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations. Haystack complies with the Privacy Shield Principles for all onward transfers of EU, UK, and Swiss Personal Data, including the onward transfer liability provisions.
ACCESS AND CHOICE. Residents of the EU, UK, and Switzerland whose personal data Haystack has directly collected may request access to, and the opportunity to correct, amend, or delete such personal data. To submit such requests or raise any other questions, please contact us at firstname.lastname@example.org. Haystack reserves the right to take appropriate steps to authenticate an applicant’s identity and charge a reasonable fee before providing access and deny requests, except as required by the Privacy Shield principles.
RECOURSE; ENFORCEMENT; LIABILITY.
JURISDICTION. With respect to EU, UK, and Swiss Personal Data received or transferred pursuant to thePrivacy Shield framework, Haystack is subject to the regulatory investigation and enforcement powers of the United States and Consumer Commission.
The Site may, from time to time, make chat rooms, message boards, news groups, or other public forums available to its users, whether by way of our own services or by way of the services or features of a third party. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these areas and avoid posting any personal or sensitive information. If a separate login is required to use these areas, please be aware that you may need to also log out separately.
INFORMATION ABOUT ENFORCEMENT AND DISPUTE RESOLUTION
Haystack has committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact our third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Physical Address: 2261 Market Street #4274 San Francisco, CA 94114