Last Updated: May 20, 2021
Welcome and thank you for your interest in Heap Inc. (“Heap”, “we”, “our” or “us”). Heap is a user behavioral analytics product and service. We allow businesses and websites to collect and analyze data about how their users are interacting with their services. Heap does this by collecting data on what users are doing, including but not limited to what webpages they visit, what users click on, where those users are located, what browser or platform those users are using, and many other forms of behavioral or personal data.
GLOBAL APPLICABILITY AND REGION-SPECIFIC DISCLOSURES
1. INFORMATION WE COLLECT AND OUR USE
Information That You Provide
We collect personal information from you. The categories of information we collect can include:
You are free to choose which personal information you want to provide to us or whether you want to provide us with personal information at all. However, some information, such as your name, address, payment transaction information, and information on your requested services may be necessary for the performance of our contractual obligations.
Automatic Data Collection
As is true of most digital platforms, we and our third-party providers and partners collect certain personal information automatically when you visit or interact with our websites and other online services:
Information from Third Party Sources
We may receive personal information about you from our business partners and service providers and combine this information with other data we collect from you. The third parties may include website and service operators, payment processors, marketing partners, and shipping providers. The information may include contact information, demographic information, information about your communications and related activities, and information about your orders. We may use this information to administer and facilitate our services, your subscriptions, and our marketing activities.
Other Uses of Personal Information
In addition to the uses described above, we may collect and use personal information for the following purposes:
2. HOW WE SHARE PERSONAL INFORMATION
We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as described below.
3. CONTROL OVER YOUR INFORMATION
We, and our third-party partners, automatically collect certain types of usage information when you visit our Site, read our emails, or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “tracking technologies”).
We, and our third-party partners, use tracking technologies to automatically collect usage and device information, such as:
We use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; (f) diagnose or fix technology problems; and (g) otherwise plan for and enhance our services.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the Service, as some features and services on our Service may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
5. Third-Party Tracking and Online Advertising
We may share, or we may permit third-party online advertising networks, social media companies and other third-party services, to collect, information about your use of our Site over time so that they may play or display ads that may be relevant to your interests on our site as well as on other websites or apps, or on other devices you may use. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including hashed data, click stream information, browser type, time and date you visited the site, and other information. This information is used to display targeted ads on or through our services or on other websites, apps, or services. We or the online advertising networks use this information to make the advertisements you see online more relevant to your interests. We may also display targeted advertising to you through social media platforms, such as Facebook, Twitter, Google and others. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services or our clients’ services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. These advertisements are governed by the privacy policies of those social media companies that provide them.
Google Analytics and Advertising. We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to our services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by visiting NAI’s online resources at http://www.networkadvertising.org/choices.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the sites, as some features and services on our sites may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android).
To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Digital Advertising Alliance’s (DAA) resources and/or the Network Advertising Initiative’s (NAI) online resources, at www.aboutads.info/choices or http://www.networkadvertising.org/choices/ and you can opt-out of receiving some interest-based advertisements on mobile apps by visiting http://www.aboutads.info/appchoices. You may also be able to limit interest-based advertising through the settings menu on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android). You may also be able to opt-out of some — but not all — interest-based advertising served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.
6. Links to Third-Party Websites and Services
For your convenience, our Service may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by any websites or services linked to or from the services, including the information or content contained within them. Your browsing and interaction on any other website or service are subject to the applicable third party’s rules and policies, not ours. If you are using a third-party website or service, you do so at your own risk. We encourage you to review the privacy policies of any site or service before providing any personal information.
7. Children’s Privacy
Our services are not intended for children under the age of 16. We do not knowingly solicit or collect personal information from children under the age of 16. If we learn that any personal information has been collected inadvertently from a child under 16, we will delete the information as soon as possible. If you believe that we might have collected information from a child under 16, please contact us at email@example.com.
9. Contact Us
225 Bush St. 2nd Floor,
San Francisco, CA 94104
Data Protection Officer:
Jerry van Leeuwen
PRIVACY DISCLOSURES FOR THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
While we are primarily based in the United States, Heap maintains operations in Europe and may direct our services to individuals located in the European Economic Area (“EEA”), United Kingdom and Switzerland, including through our Site https://heap.io/ (collectively, our “European Services”). The following disclosures (“Privacy Disclosures”) apply to our processing of personal data in connection with our European Services.
Heap, Inc., a company duly incorporated and organized under the laws of the United States of America, having its registered address at 225 Bush St. 2nd Floor, San Francisco, CA 94104, is the “data controller” responsible for the processing of personal data in connection with our European Services. This means that we determine and are responsible for how your personal information is used. Heap’s Data Protection Office (“DPO”) may be contacted at firstname.lastname@example.org.
Personal Data: When we use the term “personal data” in this section, we mean information relating to an identified or identifiable natural person.
1. PERSONAL DATA WE COLLECT FROM YOU WHEN YOU USE THE HEAP EUROPEAN SERVICES, AND HOW WE USE IT
2. INFORMATION WE COLLECT ABOUT YOU AUTOMATICALLY
We also automatically collect personal information indirectly about how you access and use the European Services, and information about the device you use to access the European Services. For example, we may collect:
(a) information about the features you use and the pages you view on the European Services;
(b) information about your device (such as your IP address, device identifier, device type, model and manufacturer); and
(c) information about your usage patterns (such as how often you use the Heap European Services and your language settings).
We use this information to provide you the features and functionality of the European Services, to monitor and improve the European Services and to develop new services.
The table at Annex 2 sets out further information about the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and recipients of that personal information.
We may link or combine the personal information we collect about you and the information we collect automatically.
We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, and improving the Heap European Services. We may also share such anonymised and aggregated information with others.
3. HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION
We will usually store the personal information we collect about you for no longer than necessary for the purposes set out in Annex 1 and Annex 2, in accordance with our legal obligations and legitimate business interests.
The criteria used to determine the period for which personal information about you will be retained vary depending on the legal basis under which we process the personal information:
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorised use or disclosure of your personal information.
4. RECIPIENTS OF PERSONAL INFORMATION
In addition to the recipients listed in Annexes 1 and 2, we may also share your personal information with the following (as required in accordance with the uses set out in Annexes 1 and 2):
5. MARKETING AND ADVERTISING
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
Where we rely on consent to send you marketing communications, we will only send you such messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences via your account on the Site.
6. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.
International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom or Switzerland, your personal information may be processed outside of those regions, including in the United States.
In the event of such a transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.
If you wish to enquire further about the safeguards used, please contact us using the details set out at the end of these Privacy Disclosures.
We may analyze personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively send product updates. We may also use personal data about you to detect and reduce fraud and credit risk.
8. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).
If you wish to exercise one of these rights, please contact us using the contact details at the end of these Privacy Disclosures, or you can use our Data Subject Rights Request Form.
Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
9. COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR EUROPEAN SERVICES
Cookies are pieces of code that allow for personalisation of our European Services experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
We use the following types of cookies:
Other than strictly necessary cookies, which are required for the operation of our European Services, we will only place cookies on your device if you give us your consent to do so.
Most browsers also allow you to change your cookie settings to block certain cookies. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. Please note that if you choose to refuse all cookies you may not be able to use the full functionality of our European Services. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.
10. TRACKING TECHNOLOGIES USED IN OUR EMAILS
Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.
Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.
Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.
|Category of Personal Information|How we may use the Personal Information|Legal Bases for Processing|Recipients of Personal Information|
|Business contact information, such as first name, last name and email address.|
|Your registration / account information such as your full name, email, and password.|
|Payment transaction information. When you subscribe to our services, we may collect information such as your billing address and other information such as date and time of your transaction.|
|Approximate Location information. When you visit our European Services, we may collect information about your location. This information may be derived from WiFi positioning or your IP address.|
|Communications and feedback. When you contact us directly, e.g. by email or phone we will record your comments and opinions.|
|Information received from third parties, such as social networks. If you interact with us through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties. We also use single sign-on ("SSO") to allow users to authenticate their account using one set of login information. The data we receive is dependent on your privacy settings with the social network.|
|Your preferences, such as preferences set for notifications, marketing communications, how the European Services is displayed and the active functionalities on the European Services.|
|Category of personal information|How we may use it|Legal basis for the processing|Recipients of Personal Data|
|Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.|
|Information about how you access and use the European Services. For example, how frequently you access the European Services, the time you access the European Services and how long you use it for, the approximate location that you access the European Services from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the European Services from multiple devices, and other actions you take on the European Services.|
|Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the European Services. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the European Services through the device, your mobile network, your IP address and your device’s telephone number (if it has one).|