Privacy policy

1. General conditions

1.1 The following privacy policies regulate the treatment of personal information in “Hibox®”, from this point forward “the Application”. The purpose of this Privacy Policy is to describe which type of data and personal information we collect from users, the purpose for which they are used, what rights users have to protect themselves and before whom and under which circumstances we can reveal them.

1.2 The Application was developed by Hibox, from this point forward the “Supplier”, and is operated by the Client, from this point forward the “Operator”. All references to “we” or “us”, or any other first-person plural form, mean the “Supplier” and the “Operator” jointly.

1.3 This document is an Annex to the Terms of Use which can be found on the Operator’s Web Page. All the definitions that can be found there are applicable.

1.4 We, the group who makes the Application possible, believe that the privacy of Users’ data and personal information is fundamental. For this reason, we created this Privacy Policy to attempt to protect their online security.

2. Collection of information

2.1 Collection of non-personal information

2.1.1 Certain non-personal information from visits to the Web Site is registered to keep the internet servers operating normally. Non-personal information that we collect may include IP addresses, which operating system is being used (for example Mac, Windows or Linux), which browser is being employed by the User (for example, Chrome, Firefox or Internet Explorer), the number and the frequency of visits to the Web Site, which Web Site the visitor was on just before visiting our Site, and standard web sign up information, like connection information, page stats, website traffic address and advertising data. When you visit or use the website, we can collect some non-personal information about you using small files called “cookies”. We use cookies for various purposes, like recognizing website visitors, determining the number of unique visitors to the website, determining which pages they visit and making internal revisions of our website. We can associate information that we collect using cookies with personal information that we compile through the Application. We can combine information and use it, for example, to personalize your experience on the web site or personalize marketing communications. You are free to remove cookies, but it is possible that upon doing so you will be unable to use some website functionality. The “Help” option on the toolbar of most browsers will indicate how to configure your browser to not allow new cookies, how to receive notifications when you receive new cookies or how to remove cookies from your hard drive. Information that we collect through cookies, and that we are able to share, is anonymous and not identifiable with any person. It does not include your name, address, phone number or email. We can allow advertising on our web site, and the advertising company can use cookies. We have no control over third party cookies.

2.2 Collection of personal information

2.2.1 All the information that the Application receives from Users will be properly protected, in a way that it cannot be communicated, modified, or shared publicly except under the conditions or cases that current legislation allows. Consequently, both the Supplier and the Operator will employ all technical measures and legal provisions needed to ensure the protection and privacy of personal data.

2.2.2 You can visit our website without giving your name or transmitting personal data. If you accept participating as a User of our Application you consent to:

  1. During the creation of your user we require, among other things, your name, surname, email, postal address, phone and age.
  2. Your personal information will be transferred and stored in our servers in the United States or Europe, depending on your location.
  3. If you sign up through Linkedin® the Application will be able to read and store your CV, profile photo and job and education history.
  4. This Application will not be able to access your private messages or store your Linkedin® password.

2.2.3 Your user account will be protected by a password for your privacy and security. You must prevent any non-authorized access on your computer by choosing an appropriate password and keeping it out of reach from third parties. You should restrict access to your computer, and whenever possible, terminate your account’s session for the Application when you have finished using it.

2.3 Google user data

2.3.1 The application accesses Google user data to 1) view and manage the files in your Google Drive and 2) manage your contacts. The application will not use your Google user data for any other purpose besides the aforementioned. We do not save any Google User information.

The Personal Data processed concerns the following type and purpose:

| Personal Data collected | Purpose |
| --- | --- |
| Anonymized format IP address | User behaviour analysis |
| Device screen resolution | User behaviour analysis |
| Device type (unique device identifiers), operating system, and browser type | User behaviour analysis |
| Geographic location (approximate) | User behaviour analysis |
| Preferred language used to access Hibox | Improve user experience |
| Mouse events (movement, location and clicks) | User behaviour analysis |
| Keypresses | User behaviour analysis |
| Referring URL and domain | User behaviour analysis |
| Pages visited | User behaviour analysis |
| Date and time when website pages were visited | User behaviour analysis |
| Random user ID | User behaviour analysis |
| Full name (optional) | Improve user experience |
| Email address (optional) | Improve user experience |

3. Use, access and destruction of personal information and data

3.1 We do not sell or redistribute Users’ personal data, and it will not be used for purposes beyond the scope of this Application.

3.2 As a user, you accept that we can use your personal information for:

  1. Providing the service and technical support that you request.
  2. Communicating information regarding our services. This includes, but is not limited to, onboarding emails, end of trial notifications, service change notifications, etc.
  3. Resolving disputes, answering emails or other requirements.
  4. Personalizing, measuring and improving our services and content.

3.3 Any User who wishes to suspend the authorization given to the Application will be able to do so by following the steps described in clause 7.1.1 of the Terms of Use.

4. Disclosure of personal data and information

4.1 We do not sell your information to any third parties or disclose it in exchange for money or other valuable consideration. We do not share your Personal Data with others except as indicated within this Notice, or when we inform you and give you an opportunity to opt-out of having your Personal Data shared.

4.2 We will never use Invitee data to send direct marketing via emails, SMS, physical mailings, or other similar communication channels to advertise or promote the use of our product and services or those of a third-party.

We may share information we collect about you, including Personal Data, in the following ways:

With third-party Service Providers, agents, contractors, or government entities. We use other companies, agents or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services to you:

We may engage Service Providers to process credit card transactions or other payment methods. We may also engage Service Providers to provide services such as monitoring and developing Hibox services; aiding in communications, infrastructure, and IT services; customer service; debt collection; analyzing and enhancing data. These Service Providers may have access to your personal or other information in order to provide these functions. In addition, some of the above-listed types of information that we request may be collected by third-party Service Providers on our behalf.

We may share information with Service Providers and government entities for legal, security, and safety purposes. This includes sharing information in order to enforce policies or contracts, address security breaches, and assist in the investigation of fraud, security issues, or other concerns.

We require Service Providers to agree to take reasonable steps to keep the Personal Data that we provide to them secure. We do not authorize them to use or disclose your Personal Data except in connection with providing their services.

We may disclose information to current or future affiliates or subsidiaries for research, marketing, and other purposes consistent with this Privacy Notice.

We may share your data if we believe that disclosure is reasonably necessary to comply with a law, regulation, legal, or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable Terms of Use or this Notice, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Hibox; to detect, prevent, or otherwise address, security or technical issues, illegal, or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding.

If you are using Hibox as a paid member of an organization or using your organization’s email domain (thereby representing yourself as a member of the organization), we may share your email address and plan information with an authorized agent of your company upon request in order for them to administer the account for the company.

5. Security of information and personal data

5.1: We have taken reasonable steps to help protect the personal information we collect. More information on Hibox security and storage practices is available below:

Data Hosting

5.1.1: AWS (Amazon Web Services): Heroku’s physical infrastructure is hosted and managed within Amazon's secured data center. Please click here to know more about Amazon's secured data center. Hibox leverages all of the platform’s built-in security, privacy and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).

5.1.2: Heroku: The Hibox application is hosted on Heroku using AWS technology. Please click here to know more about Heroku's commitment to trust.

5.1.3: Hibox backups are replicated between AWS and Google Cloud Platform for high redundancy. Please click here to know more about Google's trust and security.

Encryption:

Data that passes through Hibox is encrypted, both in transit and at rest. All connections from the browser to the Hibox platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Hibox requires HTTPS for all services. Hibox uses HSTS to ensure browsers interact with Hibox only over HTTPS and is on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

5.2: Hibox takes the security of your personal data very seriously. We work hard to protect the personal data that you provide from loss, misuse, and unauthorized access, or disclosure. Given the nature of communications and information processing technology, there is no guarantee that personal data will be absolutely safe from access, alteration, or destruction by a breach of any of our physical, technical, and managerial safeguards.

5.3: Hibox has a dedicated team of compliance and security experts to help meet our rigorous privacy and security standards. Our policies, procedures, and technologies enable us to comply with and exceed industry standard requirements.

5.4: The User has sole responsibility for all activity on his or her account, whether carried out by the User or by a third party using his or her account. If you believe your account has been compromised, you should immediately contact us by email at [email protected]. The User agrees to indemnify us and hold us harmless for losses suffered due to the use of his or her account by another person.

5.5: You should take steps to protect against unauthorized access to your device and account by, among other things, choosing a unique and complex password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

5.6: We retain the personal data we collect for so long as is reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations, and for any applicable statute of limitations periods for the purposes of bringing and defending claims.

6. Use of Third Party providers

We use a select number of trusted Third Party providers to help us provide Services to You. We only share information with the Third Party that is required for the service they are offering and contractually bind these providers to keep any information We share with them as confidential and to be used only for particular purposes. For example, amongst others, We have providers that process Our credit card transactions, support Our internal ticketing/support system, and manage Our marketing communications. Similarly, it may be necessary to share Your personal information or part of it, with Amazon Web Services which stores the information within their servers, solely related to the storage facilities. By using Hibox, You explicitly consent to, and authorize us to sub-contract in this manner.

7. Age restrictions

7.1 You confirm and guarantee that you are at least eighteen (18) years old. If you are under eighteen (18), you may not, under any circumstance or for any reason, use this Application.

8. Unforeseen circumstances

8.1 In the event that we or any of our assets are acquired by a third party, personal information acquired by us could be one of the assets transferred in this acquisition.

9. Third party websites

9.1 We are not responsible for the policies, content or norms of third party websites to which the Application or its content can be linked. Please review the specific privacy policies of these websites to learn how they collect and use personal information.

10. Hibox Scheduler Data Retention

10.1 How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.

11. Changes in our Privacy Policy

11.1 By registering as a User, using the Application or our website, you accept the conditions described in this privacy policy.

11.2 On occasion, it could be necessary for us to change some of the terms of this policy. In the event of a change we will inform you through this same website by publishing an updated version of this document. If you continue to use the Application, this will imply acceptance of those changes.

11.3 If you have any questions, comments or concerns regarding our Privacy Policy, you can contact us at [email protected].

12. Software development lifecycle

12.1: Routine audits: Hibox continuously scans the product for service interruptions, performance degradation and security vulnerabilities to immediately alert our engineers and take action when an incident has been detected.

12.2: New releases: New releases to the Hibox platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests and end-to-end tests. Changes are run against our continuous integration server, which enables us to automatically detect any issues in development.

12.3: Quality assurance: Once a changeset is completed, it is manually peer reviewed by one or more members of the engineering team on our staging server; we deploy it to production after it has been tested and confirmed by the QA team. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, run regression tests and further evaluate the user experience.

12.4: Continual monitoring: After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.

13. Vulnerability management policy

13.1: Mobile device management (MDM): We secure our employees' machines and laptops using mobile device management to ensure that each device follows our information security standards, including encryption.

13.2: Malicious software prevention: Our employees’ equipment is defended by anti-malware software, and we run routine phishing tests to further educate and train employees.

13.3: Vulnerability scanning: We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies.