Heap Privacy Policy

Last Updated: May 20, 2021

Welcome and thank you for your interest in Heap Inc. (“Heap”, “we”, “our” or “us”). Heap is a user behavioral analytics product and service. We allow businesses and websites to collect and analyze data about how their users are interacting with their services. Heap does this by collecting data on what users are doing, including but not limited to what webpages they visit, what users click on, where those users are located, what browser or platform those users are using, and many other forms of behavioral or personal data.

This Privacy Policy explains how information about you, that directly identifies you, or that makes you identifiable (“personal information”) is collected, used and disclosed by Heap when you use our website https://heap.io/ (the “Site”), and other online products and services that link to this Privacy Policy (collectively, the “Service”).

  • Heap as a Data Controller: For purposes of data protection laws, Heap Inc., a company duly incorporated and organized under the laws of United States of America, having its registered address at 225 Bush St. 2nd Floor, San Francisco, CA 94104, is the “data controller” and is generally responsible for and controls the processing of your personal information collected through your use of our Service. This Privacy Policy applies only to instances where Heap acts as a data controller.
  • Heap as a Data Processor: Wherever our customers use our Service to submit, manage, or otherwise use content relating to our customers’ end users during the provision of our Service, we act as a “data processor” and have contractually committed ourselves, including by signing data processing agreements, to only process such information on behalf and under the instruction of the respective customer, who is the data controller. As such, this Privacy Policy does not apply to such processing.
  • Processing of PHI: Heap is committed to ensuring all data it receives remains confidential and protected, and that it complies with applicable privacy and security regulations, including the Health Insurance Portability and Accountability Act (“HIPAA”). Heap’s processing of protected health information (“PHI”) collected through the use of our Service is done at the direction of our customer who is the “covered entity” or a business associate (as that term is defined by HIPAA), and is governed by the applicable business associate agreement between Heap and the covered entity and/or the business associate. For more information on how we process PHI and related safeguards, please contact us using the details set out at the end of this Privacy Policy.

GLOBAL APPLICABILITY AND REGION-SPECIFIC DISCLOSURES
This Privacy Policy is designed to apply to our Site visitors, users of our Services and other companies and users on a global basis. We may choose or be required by law to provide additional disclosures relating to the processing of personal information in certain countries, regions or states. Please refer below for disclosures that may be applicable to you:

  • California - Your California Privacy Rights: If you are a California resident, California Civil Code Section 1798.83 – also known as California’s “Shine the Light” – permits you to request information regarding the disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. To opt out of having your information shared in this manner, please email us at legal@heap.io.
  • Nevada: Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Note we do not sell your personal information within the meaning of Chapter 603A. However, if you would still like to submit such a request, please contact us at legal@heap.io.
  • European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area (“EEA”), United Kingdom or Switzerland, or otherwise engage with Heap’s European operations, please see the Privacy Disclosures for the European Economic Area, United Kingdom and Switzerland below for additional European-specific privacy disclosures, including what constitutes your personal information, the lawful bases we rely on to process your personal information, how we use cookies when you access our Sites from the EEA, UK or Switzerland and your rights in respect of your personal information.

1. INFORMATION WE COLLECT AND OUR USE
We collect personal information in connection with your visits to and use of the Service. This collection includes information that you provide in connection with the Service, information from third parties, and information that is collected automatically such as through the use of cookies and other technologies.

Information That You Provide
We collect personal information from you. The categories of information we collect can include:

  • Service Inquiries, Free Trial, or Demo Requests. We may collect personal information that you provide when you inquire about our Service or request a free trial or demo. This information may include your business information, including your first name, last name, email, phone number, company, company size, industry type, and any other information you provide, including your interests in relation to our Service or applicable business information. We use this information to communicate with you about your inquiry or interests, provide the free trial or demo, or schedule an information call to discuss our Service.
  • Registration information. We collect personal and/or business information that you provide when you register for an account to use our Service, including the Heap platform. This information may include your name, email, and password. We use this information to administer your account, provide you with the relevant services and information, communicate with you regarding your account, the Service, and for customer support purposes.
  • Payment information. If you sign up for our Service, we collect the information provided in connection with your payment. Please note that we use third party payment processors to process payments made to us. As such, we do not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal information is governed by their privacy policy.
  • Marketing Emails and Blog Subscription. If you sign up to receive news or alerts from us, or subscribe to our blog, we collect your email and applicable interests and communication preferences in order to send you regular updates about the Service. We use this information to manage our communications with you and send you information about products and services we think may be of interest to you. To unsubscribe from promotional messages, please follow the instructions within our messages and review the Control Over Your Information section below. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
  • Communications. If you communicate with us through any paper or electronic form, we may collect your name, email address, mailing address, phone number, or any other personal information you choose to provide to us. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organization.
  • Events, Surveys, and Promotions. If you fill out any forms relating to Heap events, surveys, contests, sweepstakes, or other promotional events, we collect your contact and demographic information, and any other information requested on the form or at sign up. We use this information to fulfill the purpose of the form or sign up, facilitate the event, survey, contest, sweepstakes, and promotion, and to inform you about future programs that may be of interest to you.
  • Employment Applications. If you apply for employment, we collect your contact and demographic information, educational and work history, employment interests, information obtained during interviews and any other information you choose to provide. We use the information provided to evaluate your candidacy for employment, to communicate with you during the application process and to facilitate the onboarding process.

You are free to choose which personal information you want to provide to us or whether you want to provide us with personal information at all. However, some information, such as your name, address, payment transaction information, and information on your requested services may be necessary for the performance of our contractual obligations.

Automatic Data Collection
As is true of most digital platforms, we and our third-party providers and partners collect certain personal information automatically when you visit or interact with our websites and other online services:

  • Log Data: Including your internet protocol (IP) address, operating system, browser type, browser ID, the URL you entered and the referring page/campaign, date/time of your visit, the time you spent on our services and any errors that may occur during your visit to our services. Please note that our systems may also record personal information that you type into our websites and other online services even if you do not choose to submit it.
  • Analytics Data: Including the electronic path you take to our services, through our services and when exiting our services, as well as your usage and activity on our services, such as the links, objects, products and benefits you view, click or otherwise interact with (also known as “Clickstream Data”). Our emails may also contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.
  • Location Data: Including your general geographic location based on the Log Data we collect.
  • Application Data: Some of our services offer mobile or browser applications to allow you to take advantage of our service offerings on the go and/or when visiting third-party websites and other online services. Certain of these applications also allow us to access more precise Location Data about you and collect information about your use and interactions with third-party websites and online services (including the products or services you are interested in or purchase) to better serve you.

For information about our, and our third-party providers and partners’, use of cookies and related technologies to collect information automatically on our online services, and the choices you may have in relation to those practices, please visit our How We Use Cookies and Other Tracking Technologies and Third-Party Tracking and Online Advertising sections of our Privacy Policy, as mentioned below.

Information from Third Party Sources
We may receive personal information about you from our business partners and service providers and combine this information with other data we collect from you. The third parties may include website and service operators, payment processors, marketing partners, and shipping providers. The information may include contact information, demographic information, information about your communications and related activities, and information about your orders. We may use this information to administer and facilitate our services, your subscriptions, and our marketing activities.

  • Account Creation / Single Sign-On. We may use single sign-on ("SSO") to allow a user to authenticate their account through their work email. We do this by using OAuth authentication (or similar methods), a secure mechanism to give Heap access to your account data without letting us know your password. We will have access to certain information from those third parties in accordance with the authorization procedures determined by those third parties, including, for example, your username, password, name, email address, and profile picture. We use this information to operate, maintain, and provide to you the features and functionality of the Service. We may also send you service-related emails or messages (e.g., account verification, purchase confirmation, customer support, changes, or updates to features of the App, technical and security notices).
  • Social Media. When you interact with our Site through various social media, such as when you click on the social media icon on the Site, follow us on a social media site, or post a comment to one of our pages, we may receive information from the social network such as your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties. The data we receive complies with your privacy settings with the social media network. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
  • Information from Other Sources. We may obtain information from other sources, including through third-party information providers, customers, public sources, or through transactions such as mergers and acquisitions. We may combine this information with other information we collect from or about you. In these cases, our Privacy Policy governs the handling of the combined personal information. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.

Other Uses of Personal Information
In addition to the uses described above, we may collect and use personal information for the following purposes:

  • For our business activities, including to operate the Service and to provide you with the features and functionality of the Service;
  • To communicate with you and respond to your requests, such as to respond to your questions, contact you about changes to the Service, and communicate about account related matters;
  • For marketing and advertising purposes, such as to market to you or provide you with information and updates on our products or services we think that you may be interested in. While we may use your personal information in this manner, please note that we do not use user content to serve you ads, and we will never share user content with any third parties for marketing or advertising purposes, unless you have explicitly submitted it to us for that purpose;
  • For analytics and research purposes;
  • To enforce our Terms of Service, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
  • To comply with contractual and legal obligations and requirements;
  • To fulfill any other purpose for which you provide personal information; and
  • For any other lawful purpose, or other purpose that you consent to.

2. HOW WE SHARE PERSONAL INFORMATION
We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as described below.

  • Service Providers. We share personal information with third party contractors and service providers who perform services on our behalf, which are subject to reasonable confidentiality terms, and which may include processing payments, providing web hosting services, technology support providers, email communications providers, analytics providers, data storage providers, and web and video hosting providers and developers.
  • Business Partners. We may disclose personal information to our business partners for transactional and marketing purposes, including to promote their products or services. We may also share your personal information with other third parties who may have products or services we think you may enjoy.
  • Online Advertising Partners. We also share personal information with advertising networks or permit these partners to collect information from you directly on our websites to facilitate online advertising, such as search engines and social network advertising providers to serve targeted ads to you or to groups of other users who share similar traits, such as likely commercial interests and demographics, on third-party platforms. For more information, including how to opt out of interest-based advertising, please see Third-Party Tracking and Online Advertising below.
  • Our Brands. We may share with other companies and brands owned or controlled by Heap, and other companies owned by or under common ownership as Heap. These companies will use your personal information in the same way as we can under this Privacy Policy.
  • Corporate Transaction. We may transfer any information we collect in the event we sell or transfer all or a portion of our business or assets (including any shares in the company) or any portion or combination of our products, services, businesses and/or assets. Should such a transaction occur (whether a divestiture, merger, acquisition, bankruptcy, dissolution, reorganization, liquidation, or similar transaction or proceeding), we will use reasonable efforts to ensure that any transferred information is treated in a manner consistent with this Privacy Policy.
  • Legal Requirements. We may share your information with third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or other agreements or to protect the security or integrity of the Heap services, including to prevent harm or financial loss, or in connection with preventing fraud or illegal activity; and/or (c) to exercise or protect the rights, property, or personal safety of Heap, our Customers, visitors, or others.
  • With Your Consent. We may disclose your information publicly or with another third party with your prior authorization.

3. CONTROL OVER YOUR INFORMATION

  • Email Communications. From time to time, we may send you emails regarding updates to our Service, products or services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
  • Modifying Account Information. If you have an online account with us, you have the ability to modify certain information in your account (e.g., your contact information) through the [“profile,” “account,” “settings,” or “preferences”] options provided on the Site. If you would like to request access to, or correction or deletion of personal information, you may send your request to us at the email provided below. We will review your request, and may require you to provide additional information to identify yourself, but we do not promise that we will be able to satisfy your request.
  • How to Control Push Notifications. You can stop receiving push notifications from us by changing your preferences in the iOS or Android notifications settings menu.

4. How We Use Cookies and Other Tracking Technology to Collect Information
We, and our third-party partners, automatically collect certain types of usage information when you visit our Site, read our emails, or otherwise engage with us.  We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “tracking technologies”).

We, and our third-party partners, use tracking technologies to automatically collect usage and device information, such as:

  • Information about your device and its software, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to uniquely identify your browser or your account (including, for example, a persistent device identifier or an Ad ID), and other such information. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices.
  • When you access our sites from a mobile device, we may collect unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google AdID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and depending on your mobile device settings, or we may be able to approximate a device’s location by analyzing other information, like an IP address.
  • Information about the way you access and use our services, for example, the site from which you came and the site to which you are going when you leave our services, the pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other actions you take on the Site.
  • We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for the services and to understand more about the demographics of our users. Learn more about Google’s practices here and view its opt-out options here.

We use the data collected through tracking technologies to:  (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; (f) diagnose or fix technology problems; and (g) otherwise to plan for, and enhance our services.

If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the Service, as some features and services on our Service may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.

We and our third-party partners may also use cookies and tracking technologies for advertising purposes.  For more information about tracking technologies, including your choices regarding this technology, please see Third-Party Tracking and Online Advertising below.

5. Third-Party Tracking and Online Advertising
We may share, or we may permit third-party online advertising networks, social media companies and other third-party services, to collect, information about your use of our Site over time so that they may play or display ads that may be relevant to your interests on our site as well as on other websites or apps, or on other devices you may use. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including hashed data, click stream information, browser type, time and date you visited the site, and other information. This information is used to display targeted ads on or through our services or on other websites, apps, or services. We or the online advertising networks use this information to make the advertisements you see online more relevant to your interests. We may also display targeted advertising to you through social media platforms, such as Facebook, Twitter, Google and others. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services or our clients’ services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. These advertisements are governed by the privacy policies of those social media companies that provide them.

Google Analytics and Advertising. We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to our services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available here, or by visiting NAI’s online resources on their website.

Cookies and Other Tracking Technologies Opt-Out. As noted above in the How We Use Cookies and Other Tracking Technology to Collect Information section, depending on your browser or mobile device, you may be able to set your browser to delete or notify you of cookies and other tracking technology by actively managing the settings on your browser or mobile device.

If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the sites, as some features and services on our sites may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android).

To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Digital Advertising Alliance’s (DAA) resources and/or the Network Advertising Initiative’s (NAI) online resources here and you can opt-out of receiving some interest-based advertisements on mobile apps here. You may also be able to limit interest-based advertising through the settings menu on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android). You may also be able to opt-out of some — but not all — interest-based advertising served by mobile ad networks by visiting here and downloading the mobile AppChoices app.

Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.

6. Links to Third-Party Websites and Services
For your convenience, our Service may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by any websites or services linked to or from the services, including the information or content contained within them. Your browsing and interaction on any other website or service are subject to the applicable third party’s rules and policies, not ours. If you are using a third-party website or service, you do so at your own risk. We encourage you to review the privacy policies of any site or service before providing any personal information.

7. Children’s Privacy
Our services are not intended for children under the age of 16. We do not knowingly solicit or collect personal information from children under the age of 16. If we learn that any personal information has been collected inadvertently from a child under 16, we will delete the information as soon as possible. If you believe that we might have collected information from a child under 16, please contact us at legal@heap.io.

8. Changes to Privacy Policy
We reserve the right to change this Privacy Policy from time to time in our sole discretion. We will notify you about material changes in the way we treat personal data by sending a notice to the primary email address specified in your Dray Alliance account, by placing a prominent notice on our Site, or through other appropriate communication channels. It is your responsibility to review this Privacy Policy periodically. All changes shall be effective from the date of publication unless otherwise provided.

9. Contact Us
For additional inquiries about this Privacy Policy, please send us an email at legal@heap.io or contact us at:

Heap, Inc.
225 Bush St. 2nd Floor,
San Francisco, CA 94104

Data Protection Officer:
Jerry van Leeuwen
dpo@heap.io

PRIVACY DISCLOSURES FOR THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND

While we are primarily based in the United States, Heap maintains operations in Europe and may direct our services to individuals located in the European Economic Area (“EEA”), United Kingdom and Switzerland, including through our Site https://heap.io/ (collectively, our “European Services”). The following disclosures (“Privacy Disclosures”) apply to our processing of personal data in connection with our European Services.

Heap, Inc., a company duly incorporated and organized under the laws of United States of America, having its registered address at 225 Bush St. 2nd Floor, San Francisco, CA 94104, is the “data controller” responsible for the processing of personal data in connection with our European Services. This means that we determine and are responsible for how your personal information is used. Heap’s Data Protection Office (“DPO”) may be contacted at dpo@heap.io.

Personal Data: When we use the term “personal data” in this section, we mean information relating to an identified or identifiable natural person.

1. PERSONAL DATA WE COLLECT FROM YOU WHEN YOU USE THE HEAP EUROPEAN SERVICES, AND HOW WE USE IT
We collect the categories of personal data that you voluntarily submit directly to us when you use the European Services, as set forth in our Privacy Policy under the section entitled Information We Collect and Our Use. The table at Annex 1 sets out in detail the categories of personal data we collect about you and how we use that information when you use the European Services, as well as the legal basis which we rely on to process the personal information and recipients of that personal information.

2. INFORMATION WE COLLECT ABOUT YOU AUTOMATICALLY
We also automatically collect personal information indirectly about how you access and use the European Services, and information about the device you use to access the European Services. For example, we may collect: (a) information about the features you use and the pages you view on the European Services; (b) information about your device (such as your IP address, device identifier, device type, model and manufacturer); and (c) information about your usage patterns (such as how often you use the Heap European Services and your language settings). We use this information to provide you the features and functionality of the European Services, to monitor and improve the European Services and to develop new services.

The table at Annex 2 sets out further information about the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and recipients of that personal information.

We may link or combine the personal information we collect about you and the information we collect automatically.

We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, and improving the Heap European Services. We may also share such anonymised and aggregated information with others.

3. HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION
We will usually store the personal information we collect about you for no longer than necessary for the purposes set out in Annex 1 and Annex 2, in accordance with our legal obligations and legitimate business interests.

The criteria used to determine the period for which personal information about you will be retained vary depending on the legal basis under which we process the personal information:

  • (a) Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
  • (b) Consent. Where we are processing personal information based on your consent, we generally will retain the information until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal information.
  • (c) Contract. Where we are processing personal information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
  • (d) Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
  • (e) Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorised use or disclosure of your personal information.

4. RECIPIENTS OF PERSONAL INFORMATION
In addition to the recipients listed in Annexes 1 and 2, we may also share your personal information with the following (as required in accordance with the uses set out in Annexes 1 and 2):

  • (a) Service providers and advisors: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
  • (b) Affiliates. Other companies owned by or under common ownership with Heap, including our subsidiaries (i.e., any organisation we own or control) and our ultimate holding company (i.e., any organisation that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under these Privacy Disclosures.
  • (c) Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
  • (d) Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms; and/or (iii) exercise or protect the rights, property, or personal safety of Heap, its users or others.

5. MARKETING AND ADVERTISING
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.

Where we rely on consent to send you marketing communications, we will only send you such messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences via your account on the Site.

6. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.

International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom or Switzerland, your personal information may be processed outside of those regions, including in the United States.

In the event of such a transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.

If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of these Privacy Disclosures.

7. PROFILING
We may analyze personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively send product updates. We may also use personal data about you to detect and reduce fraud and credit risk.

8. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  • (a) Right of access. You have the right to obtain:
    • (i) confirmation of whether, and where, we are processing your personal information;
    • (ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
    • (iii) information about the categories of recipients with whom we may share your personal information; and
    • (iv) a copy of the personal information we hold about you.
  • (b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • (c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • (d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • (e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  • (f) Right to withdraw consent. There are certain circumstances where we require your consent to process your personal information. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office and the Swiss Federal Data Protection and Information Commissioner.

If you wish to exercise one of these rights, please contact us using the contact details at the end of these Privacy Disclosures, or you can use our Data Subject Rights Request Form.

Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

9. COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR EUROPEAN SERVICES
Our European Services uses cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together "cookies") to distinguish you from other users of our European Services. This helps us to provide you with a good experience when you browse our European Services and also allows us to monitor and analyse how you use and interact with our European Services so that we can continue to improve our European Services. It also helps us and our advertising partners to determine products and services that may be of interest to you, in order to serve you targeted advertisements.

Cookies are pieces of code that allow for personalisation of our European Services experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.

We use the following types of cookies:

  • (a) Strictly necessary cookies. These are cookies that are required for the operation of our European Services. They include, for example, cookies that enable you to log into secure areas of our European Services.
  • (b) Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our European Services when they are using it. This helps us to improve the way our European Services works, for example, by ensuring that users are finding what they are looking for easily.
  • (c) Functionality cookies. These are used to recognise you when you return to our European Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • (d) Targeting cookies. These cookies record your visit to our European Services, the pages you have visited and the links you have followed. We will use this information to make our European Services and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide services to us for this purpose.
  • (e) Third party cookies. Please be aware that advertisers and other third parties may use their own cookies tags when you click on an advertisement or link on our European Services. These third parties are responsible for setting out their own cookie and privacy policies.

Other than strictly necessary cookies, which are required for the operation of our European Services, we will only place cookies on your device if you give us your consent to do so.

Most browsers also allow you to change your cookie settings to block certain cookies. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. Please note that if you choose to refuse all cookies you may not be able to use the full functionality of our European Services. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.

If you would like to find out more about cookies and other similar technologies, please visit this link or the Network Advertising Initiative's online sources here. We and our third-party partners may also use cookies and tracking technologies for advertising purposes.

Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.

10. TRACKING TECHNOLOGIES USED IN OUR EMAILS
Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.

Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.

Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.