Version 2020.1 | Last updated on Feb.21, 2020 | Archived Versions
Hearken, Inc., and its US affiliate Curious Nation Inc.(“Hearken”, “We”, “us”, “our”) , adhere to the EU – U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information that is transferred from the EEA, its Member States, the United Kingdom, and/or Switzerland to the United States. Hearken has certified that it adheres to the Privacy Shield Principles within the scope of Hearken’s Privacy Shield certification.
For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the US Federal Trade Commission.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov . To review our certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list .
Data we collect and use
We take industry-standard precautions to secure the data and limit access to the data to authorized entities only. The data is stored encrypted. This ensures that even in the event of a data breach, we protect your private information to the best of our abilities.
Data transfers to third parties
In addition to that list, we may also employ short-term contractors or consultants to perform services or audit our systems.
When we enter into an agreement with a client organization that uses Hearken’s Services, Hearken assumes the role of a data processor. The agreement provides that we process your data as stipulated by the controller for limited and specified purposes consistent with the consent you provided. We will provide the same level of protection as the Privacy Shield principles and will notify the controller if we can no longer meet this obligation upon which the engagement may be terminated.
When we enter into a contract with a third-party provider to process data or provide services on behalf of Hearken, we may share your personal data only to the extent required to perform their services for us. Under the contract, the third-party agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield principle. The agent may process data for limited and specified purposes consistent with the consent you provided. If the agent no longer can meet this obligation, they are required to provide Hearken with notice and stop processing information on behalf of Hearken.
Hearken’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. If Hearken shares Personal Data with a third-party service provider that processes the data solely on Hearken’s behalf, then Hearken will be liable for that third party’s processing of Personal Data in violation of the Principles, unless Hearken can prove that it is not responsible for the event giving rise to the damage. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Hearken is potentially liable.
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
Hearken may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to
(i) comply with a legal obligation,
(ii) protect and defend the rights or property of Hearken,
(iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or
(iv) protect against legal liability.
We maintain reasonable and appropriate security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
If you are a user to whom certain data protection laws apply, you may have certain rights regarding access to your personal information.
You can send us a request to firstname.lastname@example.org to view, rectify or delete information about you collected and held by us.
You may make such requests yourself or via an agent authorized to contact us on your behalf.
We have a duty as the holder of certain personal information to verify your identity when responding to requests to know or delete information to ensure that we do not disseminate information to another person. To verify your identity, we will request and collect additional personal information from you to match it against our records. We may ask you to verify your email address or ask for additional information or documentation if we feel it is necessary to confirm your identity with the necessary degree of certainty. We may communicate with you through email, or other means of communication that is reasonable and appropriate.
We will respond to you within 30 days of verification of the request. If additional time is needed to fulfill your request or to determine our capability of fulfilling your request, we will notify you if such additional time is needed (but not more than an additional 60 days).
We will attempt to respond to and comply with all reasonable requests. However, we may charge a reasonable fee when a request is manifestly unfounded or excessive.
We retain the right to deny requests under certain circumstances. In such cases, we will notify you of the reasons for denial. We will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information, your account with us, or the security of our systems or networks. We will not disclose, if we are in possession of, your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.
If we are the processor of the information you requested us to delete. We may redirect your request to the controller of the information.
Complaint resolution and binding arbitration
In compliance with the Privacy Shield Principles, Hearken commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Hearken’s Office of the Chief Privacy Officer at email@example.com
Hearken has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
In certain circumstances, the Privacy Shield Framework provides you with the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.
Changes to this Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements. We always indicate the date the last changes were published and offer access to archived versions for your review.
If you have any questions regarding Hearken’s privacy policies or our Privacy Shield certification and compliance, please feel free to contact us by email at: firstname.lastname@example.org.