Last Updated: August 3, 2020
1. What We Collect
When you interact with our Service, we collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”).
Personal Data You Give Us. When you sign up for or use the Service, you voluntarily give us certain Personal Data, including your name, email address, phone number, payment info, and physical address. You may also have elected to give us access to your contacts.
We may also collect non-Personal Data, such as your time zone or language.
Automatically Collected Data: When you use the Services, the following information is created and automatically logged in our systems:
- Log data: Information (“log data”) that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Service.
- Device information: Includes type of device you are using, operating system, settings, unique device identifiers such as IP address, geolocation data, duration of Service use, and connection quality, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
- Usage Information: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, the other users you interact with and the time, frequency and duration of your activities.
2. How We Use Data
We use the Personal Data we collect, as described above:
- To authenticate users, provide the Service, process transactions and respond to your requests. If you give us access to your contacts, we’ll store those contacts on our servers for you to use. This will make it easy for you to do things like share, send emails, and invite others to use the Service. For users located within the EU, this use is necessary to perform the contract with you.
- As necessary for certain legitimate business interests, which include the following:
- To customize the user experience.
- To better understand how visitors interact with our Site and ensure that our Site is presented in the most effective manner for you, and as part of our efforts to keep our Site, network and information systems secure.
- To conduct analytics to inform our marketing strategy and enable us to enhance and personalize our communications and the experience we offer to our users.
- To provide communications by post which we think will be of interest to you.
- If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing.
- To conduct research on user demographics, interests and behavior based on your Personal Data and other information provided to us in an ongoing effort to better understand and serve our users. We compile and analyze this research on an aggregated basis, and may share this aggregated data with our partners.
- Marketing. We may use your Personal Data to contact you in the future to tell you about services we believe will be of interest to you. Where required by law, we will only send you marketing communications if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by updating your user settings. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.
We will offer you the opportunity to opt out whether your personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. We will provide you with reasonable mechanisms to exercise their choices.
Highfive’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
For information on your rights under the applicable European Union (“EU”) law, please see the “European Union (EU) Users” section below.
3. With Whom
We may share your Personal Data and other information with certain third parties in the following circumstances:
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, your Personal Data and other information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
- Business Partners: We may disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
- Other Users: Our Service displays portions of your Personal Data like your name and email address to other users in places like your user profile and sharing notifications. Certain features let you make additional information available to other users.
- Administrators: If your account has been assigned or provided to you by someone else, for example your employer, an administrator or another user who has invited you to access and use the Service, they may have the ability to access and view your use of the Service and your Personal Data. Please refer to your employer’s internal policies if you have questions about this.
- Law and Order: In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
We Do Not Sell Your Personal Information
Highfive uses customer content only in connection with providing the Service. We do not sell, monitor or use your Personal Data to advertisers or other third-parties. We do not allow marketing companies, advertisers or similar companies to access personal data in exchange for payment. We do not allow third parties to use any personal data obtained from us for their own purposes, unless you consent (e.g., when you download a third-party app from the Marketplace). Our customers may use the Service to generate their own marketing leads and they may provide marketing information to you. When you use the Service, you may provide your data to the host of the meeting, and if required, any consent that you give about your data would be to them, as well. We may keep the data about the meeting in our system in order to facilitate the meeting call, but Highfive does not use or share that data other than to provide the Service. A user may also charge for the meeting call. Again, that transaction is between the host and participant of the meeting call. Highfive is not selling any data.
As described in the Marketing section, Highfive does use certain standard advertising tools on our marketing sites which, provided you have allowed it in your cookie preferences, sends personal data to the tool providers, such as Google. This is not a “sale” of your data in the sense that most of us use the word sale. However, California’s CCPA law has a very broad definition of “sale”. Under that definition, when Highfive uses the tools to send the personal data to the third-party tool providers, it may be considered a “sale”. It is important to know that advertising programs have always worked this way and we have not changed the way we use these tools. It is only with the recent developments in data privacy laws that such activities may fall within the definition of a “sale”.
4. Around the world.
To provide you with the Service, we may store, process and transmit your Personal Data in the United States and locations around the world – including those outside your country. By accessing and using the Service, you consent to us storing, processing and transmitting your Personal Data outside of the country you reside, or are located, at the time you access and use the Service. Your Personal Data may also be stored locally on the devices you use to access the Service If you are located in the European Economic Area, the countries we transfer your Personal Data to may have protection laws less stringent than or otherwise different from the laws in effect in your own country. We will implement appropriate safeguards to ensure that your Personal Data receives adequate protection, wherever processed. You can ask more information on these safeguards by contacting us at firstname.lastname@example.org.
During use of Highfive. When you use Highfive, some data will be disclosed to other participants and to meeting or webinar hosts. For instance, when you attend a meeting, your name might appear in the attendee list. If you turn on your video camera, your image will be shown. If you send a chat or share content, that can be viewed by others in the chat or the meeting.
Customer Content, Dashboards and Reports. Customer content, including information shared during meetings, information about participants in meetings and any recordings of meetings, belongs to our customers. Customers may use this content, which may include personal data about participants, for their own purposes. Customers may also receive data we collect (for example, participants’ names) when they generate Highfive dashboards and usage reports for themselves.
At the direction of our Customers. As described more below, under the EU’s GDPR, Highfive is a “Processor” of customer content and personal data that our Customers may put into our systems when they use Highfive. Our customers are the “Controllers”. We follow their directions regarding this data, and may store it, delete it, or disclose it at their direction.
For Legal Reasons. We may also disclose data when we respond to valid legal process including jurisdiction. Highfive’s policies regarding compliance with valid legal process preclude cooperation where a government does not have jurisdiction. Highfive may also disclose data when reasonably necessary to preserve Highfive’s legal rights.
To Third Party Service Providers. We use third-party service providers to help us provide portions of the Highfive services and give support. Examples of these third parties include public cloud storage vendors, carriers, our payment processor, and our service provider for managing customer support tickets. They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party. We prohibit our service providers from selling data they receive from us or receive on our behalf. We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide customer support. The information they may receive as part of providing that support cannot be used by them for anything else.
5. Data Retention
Cloud Recording Retention
Notwithstanding the retention Policy above, all European Union (EU) User recordings will be erased after 180 days. You may download recordings onto your personal device within the 180-day period. Within 60 days after the 180-day period, you will only be able to retrieve any previously recorded material by contacting HIghfive Support directly. However, after the subsequent 60-day period, you will be unable to retrieve any material recorded from the prior 240 days.
Notwithstanding the retention Policy above, all Non-EU User recordings will be erased after 365 days. You may download recordings onto your personal device within the 365-day period. Within 60 days after the 365-day period, you will only be able to retrieve any previously recorded material by contacting HIghfive Support directly. However, after the subsequent 60-day period, you will be unable to retrieve any material recorded from the prior 425 days.
Please Note: These timeframes are defaults and may be adjusted for your organization, based upon the needs of your geography, industry or other considerations.
6. European Union (EU) Users
Scope. This section provides information on your rights under EU law (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).
Data Controller. You are the data controller for your Personal Data.
Your Rights. Subject to EU law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to erasure: You may ask us to erase your Personal Data in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable). If we shared your data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you where we process that Personal Data in an automated way. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest (described under the “How We Use Data” section above) to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Data for direct marketing.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may contact us at email@example.com to exercise your rights.
Please note that for personal information about you that we have obtained or received for processing on behalf of a separate, unaffiliated entity–which determined the means and purposes of processing, all such requests should be made to that entity directly. We will honor and support any instructions they provide us with respect to your personal information.
7. Publicly Posted Information
8. Our Policy Toward Children
9. Links To Other Sites
We take reasonable steps to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Service may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing your Personal Data to us via the Internet.
11. Cookies and Other Technologies.
If you would like to request information about third parties that collect Personal Data on our site for direct marketing purposes please contact us at firstname.lastname@example.org.
13. Update Your Information
If you need to change or correct your Personal Data, or wish to have it deleted from our systems, you may contact us at email@example.com. We will address your request as required by applicable law. You are also able to update your Personal Data yourself from your user settings.
14. Privacy Shield
Highfive Technologies Inc. participates in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and have self-certified to the U.S. Department of Commerce our adherence to the Privacy Shield Principles for all personal information received from countries in the European Economic Area and Switzerland in reliance on the Privacy Shield. To learn more about Privacy Shield, visit the Privacy Shield website at https://www.privacyshield.gov/list.
Under Privacy Shield, Highfive Technologies Inc. is responsible for the processing of personal information we receive and subsequently transfer to a third party acting for or on our behalf. Highfive Technologies Inc. is liable for ensuring that the third parties we engage support our Privacy Shield commitments. Highfive Technologies Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
The U.S. Federal Trade Commission has regulatory enforcement authority over our processing of personal information received or transferred pursuant to Privacy Shield. Highfive Technologies Inc. commits to cooperate and comply with the advice of the regulatory authorities to whom you may raise a concern about our processing of personal information about you pursuant to Privacy Shield, including to the panel established by the EU authorities and the Swiss FDPIC. This is provided at no cost to you. For more information, see the Privacy Shield Complaints section below.”
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
15. Contact Us