Privacy Policy Version 2020.4

Privacy illustration

Table of Contents

5

Our Privacy Policy At A Glance

5

About "Us"

5

About "You"

5

Definitions

5

Data we collect

5

Data Handling

5

Sharing Your Data

5
Third-Party Services
5
Business Transfers
5
Related Companies
5
Legal Requirements
5

Role as Processor or Controller

5

Data Retention

5

Data Breach Response

5

Do Not Track

5

Your Rights

5

Requesting Data

5

Children's Privacy

5

External Links

5

APIs, Webhooks, etc.

5

Exclusions

5

Privacy Shield Notice

5

CCPA

5

Policy Changes

5

Contact Us

Version 2020.4 | Last updated on June 29, 2020 | Archived versions

We at Hearken, Inc. (“Hearken”, “We”, “us”, “our”) take the responsibility of protecting your data and privacy very seriously.

This Privacy Policy (“Policy”) explains what data we collect, why we collect them, how we use them and how you can request to view, delete or amend your Personal Data.

This Policy applies to information that Hearken may collect about you in connection with your access and use of the following:

  • The “Websites” located at any of the following domains or their subdomains:
  • Other domains operated by us and from which you are accessing this Policy
  • Our “Platforms” including the Hearken Engagement Management System Platform and Switchboard Community Management System
  • Our social media pages, mobile apps, and any other products and Services offered by Hearken collectively referred to as “Services”
  • Email messages that we send to you that link to this Privacy Policy
  • Other communications including customer support requests, surveys, and SMS texts in which you may provide your information to Hearken.

In this Policy, the Websites, Platform, mobile apps, social media pages, emails, and other electronic locations through which you may interact with Hearken to provide your information are collectively referred to as the “Sites.”

If you do not agree with this Privacy Policy, please do not access or use the Sites or Services.

Our Privacy Policy At a Glance

  • We collect only the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us.
  • We don’t sell you data to third-parties or advertise to you on our platforms or Sites.
  • We use cookies with your consent.
  • We share your data with others under certain circumstances including aiding law enforcement, using third-party Services, etc. See more here.
  • You may request to view, delete or change your personal data by sending a request to privacy@wearehearken.com
  • We may be processing your data on behalf of one of our clients in which case we may direct your request to our client who controls the data.
  • Our privacy policy adheres to the principles and guidelines set by all major online privacy laws and frameworks that apply to us and our users including GDPR, CCPA, EU-US and Swiss-US Privacy Shield and PIPEDA

See our full Policy below for more information

1. About “Us”

As used in this Privacy Policy, “Hearken” refers to Hearken, Inc., together with its subsidiaries and affiliates, including Curious Nation, Inc. and Weathergram, Inc in the US and Hearken Northern Europe ApS providing consumer Services in the EU, Switzerland, and United Kingdom. 

2. About “You”

“You” refers to individuals who access and use the Sites and/or Services.

For example, you may be a client of Hearken who accesses and uses the Sites and Services as the host or organizer of an event (“Client”), and with whom Hearken has entered into a Service Agreement or other agreement containing separate terms and conditions that govern delivery, access and use of the Sites and Services (a “Client Agreement”).

You may be the employee or agent of a Client, who is authorized to access the Platform as an administrator or an authenticated user.

You may be a visitor to our Website who is interested in browsing and learning more about Hearken or a visitor submitting information through our Platform or Services;

If you are invited to register for, check into, or receive information regarding a Client event or service through a Hearken Site or Service, you will be considered an “Event Attendee”

When we collect information from you, we may be doing so on our own behalf (in which case we will be considered a “Controller” of your data), or on behalf of a Hearken Client who is using the Services to solicit comments and feedback, from their stakeholders, manage communities, organize an event and manage other event-related activities (in which case, the Client will be the “Controller” and Hearken will be considered a “Processor” of your data).

3. Definitions

Homepage: The site hosted at wearehearken.com which is used to provide information about the company, market our offerings, products and Services. 

Services: Includes all work done by Hearken including consultation Services, as well as online Services provided via our Engagement technology products and Sites.

Products: Refers to our Engagement and Community technology Services.

User or End-user: A person using our Services as an individual.

Customer: Refers to an individual affiliated with an organization or organization that contracts with Hearken to use our Services.

Authorized User, Administrator, or Admin: A user who is signed in to Hearken systems and is expressly permitted to access all or a subset of information and data stored on Hearken’s systems.

Personal Information, Personal Data, or Personally Identifiable Information (PII):  Refers to the following types of information which may be identifiable to you when you register to use our Services, access various content or features, or directly contact the Site: (i) contact information, such as your email address and name; (ii) your age; and (iii) information for the purpose of authenticating yourself or your account if we have reason to believe, in our sole discretion, that you may be violating site policies or for any other reason we deem necessary.

Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Third-party service: A service that Hearken may use to process personal data.

Data Protection Legislation or Laws: Means laws and regulations applicable to the processing of Personal Data under the Policy, the GDPR, the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, the CCPA, PIPEDA, and the Nevada Act Relating to Internet Privacy (Senate Bill 220 or “SB 220”), to the extent applicable to such processing.

“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016); and until 25 May 2018, the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995; and any applicable legislation adopted by any Member State of the European Union, or by the United Kingdom post its ceasing to be a Member State of the European Union.

The EU-U.S. and Swiss-U.S. Privacy Shields refer to the frameworks that were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

“CCPA” means the California Consumer Privacy Act of 2018, which is referred to as Assembly Bill No. 375.  The CCPA became effective as of January 1, 2020.

“PIPEDA” means the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5), a data privacy law enacted by the Parliament of Canada.

4. What data and information do we collect?

4.1 Information Given to Us by You

When you use Hearken’s products or Services directly or through one of our client organization’s websites, you share some personal information with us such as name, email address, password, demographic information and other information that may be considered personal information by various privacy laws. 

When you register to attend or attend an event hosted or managed by Hearken, you provide us name and contact information.

You share your name and contact information when you subscribe to our email newsletters or other marketing or corporate communications.

4.2 Information We Collect from You

When you use our Services and products, we may collect your IP address, device and browser information.

4.3 Information We Infer from Your Data

To provide better service to you and to safeguard our systems and clients from abuse and fraud, we may make some inferences from the data you give us and the data we collect about you.

The various categories of data we collect and why we collect them are listed below.

CategoryUse
Name or UsernameWe use it to identify your interactions.
Email addressWe use it to contact you with our newsletters, offers, and updates you consented to receive. We may also use it to verify your identity and to send you notifications about anything that needs your attention on our Services.
IP addressWe may collect your IP address when you use our systems. We use it to safeguard our systems and clients from abuse and fraud.
Other contact information such as phone numbersOur clients may use our Services and products to collect your contact information other than email so that they can reach you regarding your submission.
Location information including country, city, postcode, and geocode stored as latitude and longitude.We use the location information you provide to generate anonymized aggregate statistics of usage. We may convert it to geolocation information such as latitude, longitude precise only up to a neighborhood or zip code to prevent personal identification.
Device and browser informationWe use device and browser information collected when you reach out to us via our support channels to diagnose issues and resolve them. We may also use device and browser information to provide you better service by checking for compatibility with our code. We use anonymized aggregate device information to prioritize features and device support. For instance, we may prioritize fixing bugs affecting a particular browser based on aggregate usage statistics of the browser used by our users to access our Services or Products .
Content you submit including posts, votes, images and queriesAll text, votes and files submitted by you are used to provide support and service. We share information collected via our Platforms, forms and embeds created by our client organizations on our service with that client organization. We do not share your activity with one of our clients with other clients. We may share anonymized aggregate data to detect trends and to market our Services.
CookiesWe use cookies to prevent abuse and fraud. We also use cookies via our third-party service providers to collect analytics on how you use the system. This information is used to diagnose issues and to help us serve you better. Please see our cookie policy for more info
Usage audit and analyticsWhen you use our systems as an Authorized User or User with access to our administrative interface, we store an audit of your activities in our database. This is used to prevent any unauthorized access, provide accountability and to prevent misuse of the system. We collect usage information when you use our websites or platforms to help us prioritize features and troubleshoot issues.
Payment informationWe may collect payment information from you when applicable. Such data is only used for purposes that you explicitly consent when giving us or our designated service provider the information.
Transcript and recordings of callsWhen you engage our Services, your calls may be recorded and transcribed for record keeping. This data is used to tailor our Services to best fit our needs and for quality assurance purposes.

5. How we handle your data

Any data that can be attributed to a single user or a household is treated as Personal Information or Personally Identifiable Information as designated by various privacy laws and we take all standard security precautions while handling your data.

Access to such data is restricted to authorized personnel or Services only. (See section on our third-party Services for more information).

We take industry-standard precautions to secure the data. The data is stored encrypted. This ensures that even in the event of a data breach, we protect your private information to the best of our abilities.  See our information security policy for more information

The data infrastructure is located in North America. We store your data in the following systems:

  • Relational databases and document stores: We store your data on a persistent storage that is encrypted at multiple levels.
  • Log files: We may record events that occur when you use our products or Services in one or more files collectively known as log files.
  • Other files: We may store your data in other forms of transient or persistent storage on our infrastructure.
  • Caches: To effectively scale our Services, we store your information in multiple caching Services.
  • Third-party Services: When applicable, we use third-party Services to store and process your information. (See third-party Services section for more information)
  • Backups and code repositories: We store information backup for business continuity.

We do not intentionally collect protected or sensitive personal information, such as social security numbers, genetic data, health information, etc.

We realize that you might share this information on our Platform, such as in posts, messages or comments. If you store any sensitive personal information on our servers, you are consenting to our storage of that information on our servers, which are in North America.

Information in your posts, comments, messages, and stories belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service.

We do not access your private messages exchanged with other users unless required for security or maintenance, or for support reasons. In such cases, we will do so only with your consent.

6. Who We Share Data With

Hearken is not in the business of selling your information.

We consider the information you shared with us to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your data with certain third parties without further notice to you, as set forth below:

6.1. Third-Party Services

Hearken, like many businesses, sometimes hires other companies, short-term contractors or consultants to perform certain business-related functions. We only engage with individual or business who have agreed to our privacy restrictions and terms or have published privacy policy and terms providing similar levels of protection.

We may share your information with these Services, only to the extent required to perform the function we use them for. These Services are permitted to use your personal data only to the extent required to perform their Services for us.

Third-party Services we currently use, as of the last update of this Privacy Policy, are listed below. Please visit the individual data use and privacy policy to learn more about them.

Hosting and technical infrastructure

We do not share any PII explicitly with these Services. However due to the nature of their use, these Services may have access to some PII such as your IP

NameUse
Amazon Web Services Hosts and processes our data and Services for our Platforms Sends transactional emails for Switchboard Community Management Service(“CMS”)
HerokuHosts and processes our data and Services for Engagement Management Service(“EMS”)
Google Cloud PlatformHosts some Services and code for related Services
Square SpaceHosts some Hearken operated websites Provides a platform for ticket sales for events.
KinstaHosts wearehearken.com website
GithubHosts code and repositories. We do not store any user data in Github
Hosts public code samples and developer wiki.
New RelicStores and process events and error reports for EMS
SentryStores and process event and error reports for CMS

Analytics and usage

We share information with the analytics platforms only if you have consented to accepting cookies. For signed in users, we may share your name and contact information to be able to serve you when you reach out to us for support.

NameUse
Google AnalyticsCollects usage data about how you use our Sites and Services
reCaptchaProtect system against bots and spam
ChurnzeroCollects usage data about how Authorized Users and Admins use the EMS Admin platform
HubSpotProvides support, for marketing and for scheduling calls with prospective or current partners. When you sign up for a discovery call or request any gated content on Hearken’s Site, your information will be passed to Hubspot.

Support, Marketing and event management

These services have access to your contact information when you use Hearken features that process data through these services.

NameUse
EventBriteManages sign-ups for our events and webinars so that we may keep in touch with attendees before and after an event
HubSpotProvides support, for marketing and for scheduling calls with prospective or current partners. When you sign up for a discovery call or request any gated content on Hearken’s Site, your information will be passed to Hubspot.
IntercomProvides support via email, chat interface and documentation. We share Authorized Users’  name and email so we can identify you when you reach out to us

Communication

These are services we use to communicate within Hearken team as well as with Users or clients. We do not explicitly share information with these services. But they may have access to the information we store on these services. For instance: Slack platform will have access to your email address if you are added as a Slack user or if our integration posts user information into our internal Slack

NameUse
SlackWe use Slack to communicate within our team as well as with some clients. We also add some third-party service integrations.
ZoomZoom provides our video conferencing platform for video meetings and webinars. We use the Zoom sign up function to allow participants in meetings and webinars to keep in touch before and after an event.
GmailOur main emailing platform  
Google HangoutsWe use Google Hangouts as our video conferencing platform for some video meetings and webinars.
Google CalendarUsed to schedule our meetings, calls and webinars with clients.
MailChimp and Mandrill,Send emails and newsletters to our users
Amazon Web ServicesSend emails and newsletters to our CMS users
WhimsicalUsed for strategic planning and consultation documentation
NotionUsed for internal documentation
Trello,Used to track our work items and support tickets from our Users and Customers.
Google Drive Used to store and collaborate on documents.
AirTable,Used to store internal documentation including some information about our client contracts and invoices.

Other data processing Services

These services are used for specific data processing tasks. Only data required to complete the task is shared with them. No PII is shared unless absolutely necessary

NameUse
DelveTranscribes our discovery and service calls.
HarvestTrack time consultants spend on client calls.  
OtterAiTranscribe our discovery, service and sales calls.  
PandaDocManage contracts with our clients and third parties.
DocuSignManage contracts with our clients and third parties.
ZapierUsed to connect our Services with other third party Services
Mapbox,Used to geocode and display maps
Google MapsUsed to geocode and display maps
BonsaiHosts elastic search data indices to enable search functionality for EMS
ElasticHosts elastic search data indices to enable search functionality for CMS
Typography.comProvides custom fonts
Google FontsProvides custom fonts

Financial Information

These services have access to financial information of Hearken employees or our contracts with our clients. They are integrated sparingly with other systems to isolate sensitive and protected information

NameUse
QuickbooksTracks our accounting information including invoices and payments from our clients.
FathomUsed to supplement financial data in Quickbooks
AirtableUsed to store internal documentation including some information about our client contracts and invoices.
PaylocityPayroll platform for employees and contractors or Hearken.
Stripe Payment platform for events and memberships.

6.2. Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets. 

We may also share your Personal Data with our Related Companies for purposes consistent with this Privacy Policy.

Hearken may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to 

  • comply with a legal obligation, 
  • protect and defend the rights or property of Hearken, 
  • act in urgent circumstances to protect the personal safety of users of the Services or the public, or 
  • protect against legal liability.

7. Hearken’s Role as Data Controller or Processor

As set forth in privacy laws, a company that has access to your data may be considered a Data Controller or Processor. 

As a company, Hearken is sometimes the Data Controller and sometimes the Processor. The following section details when we are considered a Controller and when we are a Processor.

As it relates to our marketing website, Hearken is a Data Controller.

When Hearken collects your information when you register for or attend an event, we are the Controller.

When we enter into an agreement with a client organization, Hearken assumes the role of  a Data Processor as it pertains to user submissions. We process data as stipulated by the organization and in accordance with applicable data protection laws. We retain the right to use some of the information entered by the end-users for business continuity purposes.

Hearken is the Controller of any activity by an end-user that affects more than one of our client organizations. We also own usage audit, analytics and similar information about how the users engaged with our platform and Services. Such data may include user’s contact information and anonymized statistics on the content submitted to our Services.

7.1. Responsibilities as A Controller

As a Data Controller, Hearken will store and retain your data as required by law and as needed for business purposes. We do not sell your data or use it in personally-identifiable formats other than for purposes they were collected for and established in this privacy policy.

We provide mechanisms for our users to access, amend or delete their personal data as long as the request is reasonable and in accordance with the laws. See section on data requests for more information.

7.2. Responsibilities as A Processor

As a Data Processor, Hearken will store and retain your data as required by law and as needed for business purposes. We do not sell your data or use it in personally-identifiable formats other than for purposes they were collected for and established in this privacy policy.

We will process the data as stipulated by the Data Processor in our agreement. We may share data through our APIs or webhooks with other Services as directed by the Data Controller. The responsibility for such transfers resides with the Controller.

We will respond to reasonable requests from the Controller to access, amend or delete data for an individual user or collective user set as required by the law. Any additional cost incurred to perform such requests will be borne solely by the client in such cases. Controllers may reach out to us via our support channels or by sending us an email at privacy@wearehearken.com

When we are the Processor, we will provide any Personal Information you submit through our Sites or Services to the Controller

Hearken does not control the information that a Controller requests from the end-user through our platforms. We are not responsible for any decisions or actions taken by the Controller with respect to your information (or by any third party with whom the Controller may share your information). Please read the applicable privacy policies of the Controller before submitting Personal Information.

8. Data Retention

We will not hold your personal information for any longer than is necessary for the uses outlined above, unless we are required to keep your personal data longer to comply with the law and any regulatory requirements. Where Hearken is the Controller of personal data we will retain your data for up to 3 years after your last active interaction with our Site and Services.

Where Hearken is the Processor, we will hold your personal information until told otherwise by the Controller or for up to 3 years after the Controller ceases to be a client. For more information on how your information is used by Controllers, please refer to their respective Privacy Policies.

9. Data Breach Response

On becoming aware of a Data Incident, Hearken will: 

  • notify any authorities as required by laws;
  • notify the Controller or the Customer of the Data Incident without undue delay; 
  • make reasonable efforts to identify and mitigate the cause of such Data Incident; and,
  • where the Data Incident was not caused by Customer or any Authorized User, take necessary steps that Hearken deems reasonable in order to remediate the cause of the Data Incident.

10. Do Not Track Signal Handling

Most popular browsers provide mechanisms for the users to send a “Do Not Track” signal to websites they visit. There is no consensus on what such signals mean in user privacy context. Hearken does not respond to Do Not Track signals and/or other similar mechanisms that provide consumer choice about tracking.

11. Your Rights as A User

If you are a user to whom certain data protection laws apply, you may have the following rights regarding your personal information.

11.1. Right to Know, Rectify and Delete Personal Data

You have the right to know and delete information on you collected by us. You have the right to request the following:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

Under some laws, you may also have rights to do the following:

  • The right to have your personal data rectified if it is inaccurate or incomplete;
  • The right to request to have your personal data deleted in certain specific circumstances as set out in the Data Protection Legislation;
  • The right to request to restrict the processing of your personal data in certain specific circumstances as set out in the Data Protection Legislation;
  • The right to ask us not to process your personal data for marketing purposes or for purposes based on our legitimate interests;
  • The right to ask us to not undergo automated decision making; and
  • Where you have provided consent, to request to withdraw such consent at any time.

Data collected on you over the last 12 months or other period of time specified by Data Protection Laws is subject to the above provisions and rights.

11.2. Right to Opt-Out

We do not sell your data. Our users do not have to request to opt-out of sale of their data.

If you have consented to receiving marketing communications regarding products and Services that we believe may be of interest to you and you later decide that you no longer want to receive this type of marketing or promotional information, you may opt-out at any time by clicking the “Unsubscribe” button at the bottom of the marketing communication, or contacting us at privacy@wearehearken.com

You may also submit requests to access, update, correct or delete your Personal Information, to no longer receive communications, or to “opt-out” of certain Services, by contacting us at the above email address.

11.3. Right to Non-Discrimination

You have the right not to receive discriminatory treatment by us as a result of exercising any of your privacy rights.

Our ability to verify your identity is important to us being able to detect spam submissions and bots. If you chose to not verify your email address, we may be unable to provide the same level of service.

12. Responding to Data Access Requests 

You can send us a request to privacy@wearehearken.com to view, rectify or delete information about you collected and held by us. 

You may make such requests yourself or via an agent authorized to contact us on your behalf.

If you are an Authorized User on one of our Platforms or Services, you may have an option to view and modify your information on the platform.

12.1 Verifying identity

We have a duty as the holder of certain personal information to verify your identity when responding to requests to know or delete information to ensure that we do not disseminate information to another person.

To verify your identity, we will request and collect additional personal information from you to match it against our records. We may ask you to verify your email address or ask for additional information or documentation if we feel it is necessary to confirm your identity with the necessary degree of certainty. We may communicate with you through email, or other means of communication that is reasonable and appropriate. 

We will respond to you within 30 days of verification of the request. If additional time is needed to fulfill your request or to determine our capability of fulfilling your request, we will notify you if such additional time is needed (but not more than an additional 60 days).

We will attempt to respond to and comply with all reasonable requests. However, we may charge a reasonable fee when a request is manifestly unfounded or excessive.

We retain the right to deny requests under certain circumstances. In such cases, we will notify you of the reasons for denial. We will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information, your account with us, or the security of our systems or networks. We will not disclose, if we are in possession of, your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.

If we are the Processor of the information you requested us to modify or delete. We may redirect your request to the Controller of the information.

12.2. Propagation and Persistence of Requests

We will make reasonable attempts to notify any third-party Services we may have shared your data with if your request requires making changes to or deleting the shared data. We are not responsible for making sure that such requests are completed.

Because of the nature of the infrastructure and redundancy built in, some data may persist for longer than intended.

13. Children’s Privacy

Hearken does not knowingly collect Personal Data from children under the age of 13.

The Services are intended for a general audience and are not intended for and should not be used by children under the age of 13. We do not knowingly collect information from children under the age of 16. 

If a Controller chooses to collect information from users who have not verified their age, we will consider this information as one-time transactional information. We will limit who has access to the PII information from users whose age is not verified.

Entering age information in fields of the form that is not intended for such purposes do not construe to us being aware of the user’s age.

We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Site without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Hearken through the Site, please contact us at privacy@wearehearken.com. We will endeavor to delete that information from our databases and other stores as soon as reasonably practicable.

This Privacy Policy applies only to the Site and our Services and Products. The Site may contain links to other web Sites not operated or controlled by Hearken (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third-Party Sites. The links from the Site, Services or Products do not imply that Hearken endorses or has reviewed the Third-Party Sites. We suggest contacting those Sites directly for information on their privacy policies.  

15. API, Webhook Usage or Data Downloads

As an Authorized User, when you use our APIs and webhooks or download data, you agree to treat personal data with reasonable precautions and security and to respect the data subject’s privacy elections and process data in accordance with this privacy policy.

We are not responsible for the data once it leaves Hearken systems. We do not hold responsibility for verifying the terms of Services of the third-party Services or systems that the Authorized Users of our systems send the data to. When delivering data via webhooks, we are acting as the Data Processor complying with the instructions given to us by our clients who act as the Data Controller.

16. Exclusions

16.1. Unsolicited Submissions

This Privacy Policy does not apply to any Personal Data collected by Hearken other than Personal Data collected through our Site, Services or Products. This Privacy Policy shall not apply to any unsolicited information you provide to Hearken through the Site or through any other means. This includes, but is not limited to, information posted to any public areas of the Site, such as forums, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Hearken shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

16.2. Business Critical Data

Any data that is reasonably and demonstrably required for our conduct of business or has a legitimate business purpose may be excluded from being deleted.

16.3. Anonymized Data

Any data that is not directly connected to a single user or household is excluded from the terms of this privacy policy.

16.4. Published or Publicly Available Data

Any data submitted to us directly or to our clients (Data Controllers) that has already been published on a public forum including news website is excluded from the terms of this privacy policy.

16.5. Data that Is No Longer on Hearken Controlled Systems

Any data that has already been sent out of our systems including notifications sent to Slack, API responses, webhook responses, emails and newsletters are not subject to the terms of this Privacy Policy.

16.6. Data stored in backups

Any data that has been moved out of our primary and active systems into inactive backups or storage are exempt from requests to know, modify or delete.

However, if the data were to be restored from these backups for any reason, we will take reasonable steps to ensure that all privacy elections are applied to the restored data.

17. Cross-Border Transfer; Privacy Shield Notice

We are part of a global network and interact with users and use third parties located in other countries to help us run our business. As a result, personal information may be transferred outside the countries where we and our clients are located. This includes transfers to countries outside the European Economic Area (“EEA”) and to countries that may not have laws that provide the same degree of protection for personal information as your home country. We have taken steps designed to facilitate adequate protection for any information so transferred. 

Hearken, Inc., and its affiliated US entity, Curious Nation, Inc., adhere to the EU – U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information that is transferred from the EEA, its Member States, the United Kingdom, and/or Switzerland to the United States. Hearken has certified that it adheres to the Privacy Shield Principles within the scope of Hearken’s Privacy Shield certification. To learn more, see our Privacy Shield Policy.

When we transfer personal information outside of the EEA to a country or framework not determined by the European Commission as providing an adequate level of protection for personal information, the transfers will be under an agreement which covers European Union requirements for such transfers, such as standard contractual clauses. The European Commission approved standard contractual clauses are available here.

18. Your California Privacy Rights

California Consumer Privacy Act of 2018(“CCPA”) is a data privacy law that establishes various rights for Californians. To learn more about your rights as a California resident, see our CCPA policy which supplements our main Privacy Policy detailed on this page.

19. Changes to the policy

We update this Policy from time to time at our discretion. We will not reduce your rights under this policy without your explicit consent. We will not, without your consent, use your Personal Data in a manner materially different than what was stated at the time your Personal Data was collected.

When changes in the policy are significant, we will notify our authenticated users of any material changes to the way in which we treat Personal Data by posting a notice on relevant areas of the Services.

We will also provide notice to you in other ways at our discretion, such as through contact information you have provided. Any updated version of this Privacy Notice will be effective immediately upon the posting of the revised Privacy Notice unless otherwise specified. Your continued use of the Services after the effective date of the revised Privacy Notice (or such other act specified at that time) will constitute your consent to those changes. 

We always indicate the date the last changes were published and we offer access to archived versions for your review.

20. Contact Us

If you have any questions about this Privacy Notice, please feel free to contact us by email at: privacy@wearehearken.com