EFFECTIVE DATE: JUNE 17 , 2020
For your peace of mind HG has successfully completed the Service Organization Control (SOC) 2 Type I certification, a testament to the company’s 10+ years of experience security and confidentiality in managing data.
Awarded by AICPA, the System and Organization Control (SOC) audit provides third-party reports to customers, prospective customers, and partners for insights into the control environment at a service provider. The Type I certification reports on the design, security, and operational effectiveness of these controls at a point in time, based on management’s description of a service organization’s system.
In addition to the Security profile, which is required by every applicant, HG also demonstrated controls for two additional profiles: Availability and Confidentiality:
report certifies that your system is protected against both physical and digital unauthorized access.
This report certifies that your system is operational and can be used as committed.
This report certifies that your information is confidential and is protected.
INFORMATION WE COLLECT
We collect information about you directly from you, as well as automatically through your use of the Website and the Services. We will strive not to require you to disclose more information than is reasonably necessary to use the Website and the Services.
Information We Collect from You. We collect information that personally identifies you, such as your name, email address and other personally identifiable information when you sign up on the Website or for the Services or that you otherwise choose to provide to us (“Personal Information”).
Information We Collect Automatically. We automatically collect information regarding the actions you take when using the Services (“Usage Data”). Usage Data may include the type of Web browser you use, your operating system, your Internet Service Provider, your IP address, the pages you view, how you interact with the Services, and the time and duration of your use of the Services.
Information We Receive from Other Sources
We may also augment the information we collect about you and your company. This can include the information we collect about you with information collected from third parties such as other web-based and mobile networks, exchanges, websites, or marketing technology providers. In addition, the information we automatically collect may be combined and associated with business profile information that we infer about you such as: company URL domain, functional area, seniority, industry, company revenue, or area of business interests.
This information may include hashed identifiers derived from other information such as email addresses, mobile device IDs, interest data (like your industry, employer, company size, job title or department) or content engagement on a publicly available digital property.
Email Preference Center – Update your email preferences here: https://go.hginsights.com/hg-preference_center
HOW WE USE THIS INFORMATION
We use the information that we collect about you for the following purposes:
Providing Our Services. To provide the Website and the Services and for other customer service purposes.
Communicating with You. To communicate with you, including by email, about our Services and to respond to your questions, to offer you additional services, or to provide you with additional content or information that might be relevant or interesting to you.
Analyzing the Use of Our Services. To better understand our users’ access to and use of the Website and the Services, both on an individual and aggregated basis, and to respond to users’ desires and preferences.
Advertising. To match it with other public and private data sources in order to create anonymous segments of information (this is non-personally identifying information, such as demographic, behavioral and technical information, extracted from the underlying data) for use by HG Insights and/or third parties to target advertising messages to you on third party sites and services. You may opt-out from certain targeting advertising by following the instructions in the section below entitled “Interest Based Advertising and IP Targeting.”
Audience Solutions. To use firmographic and demographic data at the URL domain and company level for delivery into third party platforms like Oracle, LiveRamp, Eyeota, LinkedIn, or others for the purpose of marketing and selling specialized digital advertising audience segments for business-to-business advertisers to execute “interest-based advertising.” (More information about this type of advertising can be found at the DAA’s website.) These segments may be custom or made available in third party marketplaces with compliance standards assuring ethical and legal use. The firmographic and demographic data may include industry, company revenue, company size,various installed technologies we assign to your current or past employer company, or other intelligence and interest signals that we assign to companies and their employees across our products and services. We do not share any data which could be used to identify an individual data subject.
HOW WE DISCLOSE THIS INFORMATION
We may disclose the information that we collect about you with the following entities:
Your Employer. If you are using the Website or the Services through your employer’s account with us, we may disclose your information to your employer.
Service Providers. We may disclose your information to our vendors or service providers or agents who perform functions on our behalf. For example, we use cloud-based hosting providers to host the Website and the Services, and use other third-party platform providers, such as marketing automation, customer support and community platforms, to provide other services. Accordingly, these vendors, service providers or agents may process and store your Personal Information.
We may also disclose the information that we collect about you in the following ways:
Business Transfers. We may disclose your information to another entity if we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding.
In Response to Legal Process. We may disclose your information in order to comply with the law, or a judicial proceeding, subpoena, court order or other legal process.
Aggregated and De-identified Information. We may disclose aggregate or de-identified information about our users for marketing, advertising, research or similar purposes.
HOW LONG WE RETAIN YOUR INFORMATION
We will retain your Personal Information for as long as reasonably required to allow you to access the Website and the Services.
Electronic Customer Data for Sales and Marketing Support
24-months after customer engagement ends
Customer manages their data in the platform. As long as customer is active, they can manage their own data. Once a customer is offboarded, data will be destroyed within 24 months
Paper containing Customer Data
We do not maintain paper copies of customer data, however, we may have electronic forms such as contracts
Shred or Incinerate
Backup Media (SAN)
We do not maintain backup copies of customer data ins cope, we do employ replication which falls under Electronic Customer Data clause
Format or Destroy
We do not store or transfer customer data on external media
Format or Destroy
COOKIES AND WEB BEACONS
INTEREST BASED ADVERTISING AND IP TARGETING
We may work with data providers to serve advertising to you through display media or other methods. These providers may use personal information that we have collected or that you have provided to locate you online, such as when you visit or log in to websites or mobile applications. This information may be linked to online identifiers or IP addresses assigned to you, and to demographic or interest-based data, in order to target you with relevant advertising, including about our products or services. To learn more about or opt out of this and other interest-based advertising, please visit the industry opt-out pages operated by the DAA, at http://www.aboutads.info and by the NAI at http://networkadvertising.org.
THIRD PARTY LINKS
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of Personal Information. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Services, we cannot and do not guarantee the security of any information you transmit on or through the Services, and you do so at your own risk.
We do not knowingly collect Personal Information from children under the age of 13. If we become aware that we have inadvertently received Personal Information from a child under the age of 13, we will delete such information from our records.
PROCESSING IN THE UNITED STATES
Please be aware that your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. By using the Website or the Services, you consent to the transfer of such information to the United States and agree that the applicable laws in the United States will govern the collection, use, transfer and disclosure of your Personal Information and communications. The laws in the United States may not be as protective of your privacy as those in your location.
In compliance with the GDPR and applicable federal and state laws, we have conducted a privacy impact assessment, and have instituted steps to protect your Personal Information including training and awareness, monitoring and verification, and response and enforcement. We also keep records of how we process your Personal Information, and will conduct annual internal audits of our privacy and security practices.
RIGHT TO REVIEW, DELETE AND CONTROL OUR USE OF YOUR INFORMATION
You have the right to review the Personal Information we have collected about you, to erase or delete it, and to tell us to no longer use or disclose it. You can review most of the Personal Information we collect about you by logging into your account and reviewing your account information and updating the Personal Information we maintain about you. You may also contact us at email@example.com to request access to your Personal Information, erasure or deletion of your Personal Information and/or cancellation of your account. If you ask us to erase or delete your Personal Information, we will erase or delete your Personal Information within one month or less.
RIGHT TO REMOVE YOUR INFORMATION
You have the right to obtain a copy of your Personal Information and take it with you. The copy will be in a structured, commonly used and machine-readable format. If requested by you and when technically feasible, we will send that Personal Information via electronic means to you or a third party designated by you.
Call us to remove any personal information submitted through our website: (805) 880-1100