Privacy Policy

Haiilo Share – Employee Advocacy

Last edited: October 14th, 2022. Changed company and product names.

 

Haiilo Share is a web based online content sharing and employee advocacy service owned and operated by Haiilo Oy (hereinafter “Haiilo”, “we” or “us”) that allows users (hereinafter “you”, “Users” and “User” in singular) to consume and share content created or approved by their employer internally or to their connected social media platforms (hereinafter “Service”). Via the Service, a company (hereinafter ”Company”) purchases and establishes a Haiilo Share account and we provide an online Instance comprising of the authorized Users for the Company (hereinafter ”Company Instance”). Haiilo has agreed with your employer additional terms in the agreement we have with your employer (hereinafter ”Corporate Agreement”) that will also apply to your use of the Service and our processing of your personal data.

Under the EU Data Protection Regulation (2016/679) that will apply to Haiilo’s processing of your personal data your employer shall be regarded as data controller and Haiilo shall be regarded as data processor processing your personal data based on agreement with and instructions from your employer.

Our Privacy Policy is designed to assist you in understanding how we collect, use, and disclose personal information we receive from you through the Service.

If you have any questions relating to our processing of your personal information that are not answered by this privacy policy you should primarily turn to your Company as the data controller. We are obliged to provide your Company with more information according to the Corporate Agreement.

This Privacy Policy may be updated from time to time to reflect changes in the Service, laws and regulations and to reflect descriptions of changes in key functionality for the Services. Your employer will be advised of these updates in accordance with the Corporate Agreement and their approval may be required before such updates take effect on you. We will post any changes via the Service or otherwise provide you with notice of any such changes. You are advised to consult this Privacy Policy regularly for any changes. Unless otherwise defined, capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use (or Terms).

General Structure

When using the Service, you should know that, as further explained in the Terms of Use, your Company Instance is defined by your company’s or organization’s email domain. Only those in your Company Instance can view other member profiles and feeds on the Company Instance. Haiilo Share’s Administrative tools do allow our employees who have a need to do so, to access your information only to perform our obligations under the Corporate Agreement.

 

Information collection and storage

Haiilo collects non-sensitive personal data including first name and last name, company email address, connected social media network profile picture URL, cookie ID, and IP address. We also collect Service activity dates and usage statistics such as the number of content reads, content shares, and clicks from connected social media networks. In addition to this, you can optionally include your title, department, location, and phone number in your personal profile in which case we will also collect and process those data points. If you choose to post User Content, you should be aware that any personal information you submit through these features can be read, collected, or used by other persons within your Company Instance. Do not include any sensitive personal information in your User Content. The above-mentioned data can be input directly into the platform by the client, or the users, or provided to Haiilo by the client.

Haiilo is only processing such information as agreed with the Company who is the data controller for the respective User and we are not responsible for monitoring or policing the personal information users choose to disclose on the Company Instance or with the members of the Company Instance.

 

Site Usage Information

Cookies

The Service uses cookies for i) authenticating/authorizing the User ii) for product analytics iii) for maintaining high availability iv) for identifying the correct webapp version to be used v) for checking whether the cookie is supported and enabled in the browser.

We utilize persistent cookies to save your registration information for future logins to the Service. Second, we utilize session ID cookies to enable certain features of the Service, to better understand how users interact with the Service or user Content, and to monitor aggregate usage by users and web traffic routing on the Service. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Service and then close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of, or have access to all functionality of the Service.

 

Web beacons

We also use “web beacons,” “pixel tags,” “clear GIFs” or similar means (individually or collectively “Web Beacons“) in our Service. A Web Beacon is an electronic image, often a single pixel, embedded on web pages. Web Beacons are ordinarily not visible to users. Web Beacons allow us to count the number of Users who have visited certain pages of the Service or interacted with content shared by Users, to brand the Service, and to generate aggregate statistics about how our Service is used.

 

Log data and behavioral tracking

When you interact with the Service, it automatically records information that your browser sends whenever you visit a website or perform certain actions (“Log Data“). This Log Data may include information such as your computer’s Internet Protocol address, browser type, the webpage that links to the Service that you used to access the Service (such as your Intranet or Haiilo website), your actions, and other statistics. We use this information to monitor and analyze use of the Service and for the Service’s technical Administration, to increase our Service’s functionality and user-friendliness, and to better tailor it to our users’ needs.

Use and Disclosure

We use your Personal Information to perform our obligations under the Corporate Agreement.

 

Third-Party Websites

When you are within the Service you may have the opportunity to visit, or link to, other websites, including other websites operated by Haiilo or by unaffiliated third parties. These third-party websites may collect Personal Information about you, and because this Privacy Policy does not address the information practices of those other websites, you should review the privacy policies of such other websites to see how they treat your Personal Information.

 

Subcontractors

We use subcontractors approved by your Employer to help operate the Service and to analyze how the Service is used. These third parties may have access to Personal Information and other information collected as set forth above only to perform these tasks on our behalf and are obligated not to disclose any Personal Information or to use it for any other purpose.

  • Amazon Web Services (AWS), Ireland (Europe)

Haiilo uses AWS for hosting Haiilo Share’s core services and database in datacenters and for processing and storing Client data solely within the EU (Ireland). AWS data centers are state of the art facilities utilizing innovative architectural and engineering approaches.

  • Google Cloud Platform (GCP), Belgium (Europe)

Haiilo uses GCP for hosting Haiilo Share supporting services in datacenters and processing Client data solely within the EU (Belgium). Google’s cloud services are designed to deliver better security than many traditional on-premises solutions. Google places extreme focus on security and protection of data is among their primary design criteria. Security drives Google’s organizational structure, training priorities and hiring processes. It shapes the data centers and the technology they house. It’s central to Google’s everyday operations and disaster planning, including how they address threats. It’s prioritized in the way Google handles customer data and it’s the cornerstone of their account controls, compliance audits, and the certifications they offer to their customers.

  • Mandrill by Mailchimp (The Rocket Science Group), USA

Haiilo uses Mandrill for processing and sending emails.

  • Sendgrid (Twilio), USA

Haiilo uses Sendgrid for processing and sending emails.

  • Mixpanel, USA

Mixpanel is used for hosting Haiilo Share’s supporting services, for analyzing how Users use the Service, and for occasionally sending emails.

  • Zendesk, USA

Zendesk is used for providing customer support by Haiilo’s in-house Customer Support personnel.

 

Other data processing

We use the services of Retently Inc., 2318 Louis Rd., Suite B, Palo Alto, California 94303, United States of America for our products. They help us gathering customer and user feedback for the purpose of checking their satisfaction with our products.

In this context, the names, email addresses, telephone numbers, job titles and browser locations of those users participating in our surveys will be processed. Those information will be stored for the duration of five years.

The participation in the survey is voluntary. By sending the completed survey to us, you consent to the processing of your personal data as described above. The legal basis is Art. 6 para. 1 lit. a GDPR.

Business Transfer

We may need to disclose or transfer your Personal Information, in connection with a merger, acquisition, reorganization or sale of our assets or part thereof or of Haiilo. Your Company will be advised of these changes in accordance with the Corporate Agreement and their approval may be required before such disclosure is made.

 

Feedback, Surveys

We may occasionally ask users of our Service to complete online surveys and polls about their activities, attitudes, and interests. These surveys help us better serve you and improve the usefulness of the Service. You have no obligation to participate in such surveys and polls and your Company may have set rules for you that you need to follow.

 

Security

Haiilo is ISO 27001 certified. Haiilo uses commercially reasonable and industry standard safeguards (which may be set forth in the Corporate Agreement) to preserve the integrity and security of your Personal Information. We restrict access to personal information to those employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to confidentiality obligations.

While Haiilo endeavors to protect the security and integrity of Personal Information provided to the Service, we cannot guarantee to you that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be fully safe from intrusion by others, such as hackers. The Corporate Agreement may contain additional provisions regarding security requirements and processes.

 

International Transfer

Your information may be transferred to, and maintained on, computers located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction, however, any such transfers shall comply with the Corporate Agreement. In doing so we will comply with the applicable data protection laws.

 

Our Policy Towards Children

This Service is not directed to children. We do not knowingly collect Personal Information from children. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. If we become aware that a child has registered for the Service and has provided us with Personal Information, we will delete such information from our files.

 

Duration of Processing

Personal Data will be processed by the Supplier for the duration of the Service Agreement unless a longer or shorter period is agreed between the Parties in the Service Agreement or elsewhere in writing.

 

Deletion of data

You may request the deletion of your data at any point in time. Therefore, please contact us at the address at the bottom of the policy. The data delete process will take a maximum of 90 days.

 

Contact Us

Please Contact us at [email protected] with any questions regarding this Privacy Policy. You can also contact us at the following address:

Haiilo Oy

Kalevankatu 20

00100 Helsinki

Finland

You can also contact your Employer for assistance in Data Protection related matters.