Haiilo Share – Employee Advocacy
Last edited: October 14th, 2022. Changed company and product names.
Haiilo Share is a web based online content sharing and employee advocacy service owned and operated by Haiilo Oy (hereinafter “Haiilo”, “we” or “us”) that allows users (hereinafter “you”, “Users” and “User” in singular) to consume and share content created or approved by their employer internally or to their connected social media platforms (hereinafter “Service”). Via the Service, a company (hereinafter ”Company”) purchases and establishes a Haiilo Share account and we provide an online Instance comprising of the authorized Users for the Company (hereinafter ”Company Instance”). Haiilo has agreed with your employer additional terms in the agreement we have with your employer (hereinafter ”Corporate Agreement”) that will also apply to your use of the Service and our processing of your personal data.
Under the EU Data Protection Regulation (2016/679) that will apply to Haiilo’s processing of your personal data your employer shall be regarded as data controller and Haiilo shall be regarded as data processor processing your personal data based on agreement with and instructions from your employer.
Information collection and storage
Haiilo collects non-sensitive personal data including first name and last name, company email address, connected social media network profile picture URL, cookie ID, and IP address. We also collect Service activity dates and usage statistics such as the number of content reads, content shares, and clicks from connected social media networks. In addition to this, you can optionally include your title, department, location, and phone number in your personal profile in which case we will also collect and process those data points. If you choose to post User Content, you should be aware that any personal information you submit through these features can be read, collected, or used by other persons within your Company Instance. Do not include any sensitive personal information in your User Content. The above-mentioned data can be input directly into the platform by the client, or the users, or provided to Haiilo by the client.
Haiilo is only processing such information as agreed with the Company who is the data controller for the respective User and we are not responsible for monitoring or policing the personal information users choose to disclose on the Company Instance or with the members of the Company Instance.
Site Usage Information
We utilize persistent cookies to save your registration information for future logins to the Service. Second, we utilize session ID cookies to enable certain features of the Service, to better understand how users interact with the Service or user Content, and to monitor aggregate usage by users and web traffic routing on the Service. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Service and then close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of, or have access to all functionality of the Service.
We also use “web beacons,” “pixel tags,” “clear GIFs” or similar means (individually or collectively “Web Beacons“) in our Service. A Web Beacon is an electronic image, often a single pixel, embedded on web pages. Web Beacons are ordinarily not visible to users. Web Beacons allow us to count the number of Users who have visited certain pages of the Service or interacted with content shared by Users, to brand the Service, and to generate aggregate statistics about how our Service is used.
Log data and behavioral tracking
When you interact with the Service, it automatically records information that your browser sends whenever you visit a website or perform certain actions (“Log Data“). This Log Data may include information such as your computer’s Internet Protocol address, browser type, the webpage that links to the Service that you used to access the Service (such as your Intranet or Haiilo website), your actions, and other statistics. We use this information to monitor and analyze use of the Service and for the Service’s technical Administration, to increase our Service’s functionality and user-friendliness, and to better tailor it to our users’ needs.
Use and Disclosure
We use your Personal Information to perform our obligations under the Corporate Agreement.
We use subcontractors approved by your Employer to help operate the Service and to analyze how the Service is used. These third parties may have access to Personal Information and other information collected as set forth above only to perform these tasks on our behalf and are obligated not to disclose any Personal Information or to use it for any other purpose.
- Amazon Web Services (AWS), Ireland (Europe)
Haiilo uses AWS for hosting Haiilo Share’s core services and database in datacenters and for processing and storing Client data solely within the EU (Ireland). AWS data centers are state of the art facilities utilizing innovative architectural and engineering approaches.
- Google Cloud Platform (GCP), Belgium (Europe)
Haiilo uses GCP for hosting Haiilo Share supporting services in datacenters and processing Client data solely within the EU (Belgium). Google’s cloud services are designed to deliver better security than many traditional on-premises solutions. Google places extreme focus on security and protection of data is among their primary design criteria. Security drives Google’s organizational structure, training priorities and hiring processes. It shapes the data centers and the technology they house. It’s central to Google’s everyday operations and disaster planning, including how they address threats. It’s prioritized in the way Google handles customer data and it’s the cornerstone of their account controls, compliance audits, and the certifications they offer to their customers.
- Mandrill by Mailchimp (The Rocket Science Group), USA
Haiilo uses Mandrill for processing and sending emails.
- Sendgrid (Twilio), USA
Haiilo uses Sendgrid for processing and sending emails.
- Mixpanel, USA
Mixpanel is used for hosting Haiilo Share’s supporting services, for analyzing how Users use the Service, and for occasionally sending emails.
- Zendesk, USA
Zendesk is used for providing customer support by Haiilo’s in-house Customer Support personnel.
Other data processing
We use the services of Retently Inc., 2318 Louis Rd., Suite B, Palo Alto, California 94303, United States of America for our products. They help us gathering customer and user feedback for the purpose of checking their satisfaction with our products.
In this context, the names, email addresses, telephone numbers, job titles and browser locations of those users participating in our surveys will be processed. Those information will be stored for the duration of five years.
The participation in the survey is voluntary. By sending the completed survey to us, you consent to the processing of your personal data as described above. The legal basis is Art. 6 para. 1 lit. a GDPR.
We may need to disclose or transfer your Personal Information, in connection with a merger, acquisition, reorganization or sale of our assets or part thereof or of Haiilo. Your Company will be advised of these changes in accordance with the Corporate Agreement and their approval may be required before such disclosure is made.
We may occasionally ask users of our Service to complete online surveys and polls about their activities, attitudes, and interests. These surveys help us better serve you and improve the usefulness of the Service. You have no obligation to participate in such surveys and polls and your Company may have set rules for you that you need to follow.
Haiilo is ISO 27001 certified. Haiilo uses commercially reasonable and industry standard safeguards (which may be set forth in the Corporate Agreement) to preserve the integrity and security of your Personal Information. We restrict access to personal information to those employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to confidentiality obligations.
While Haiilo endeavors to protect the security and integrity of Personal Information provided to the Service, we cannot guarantee to you that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be fully safe from intrusion by others, such as hackers. The Corporate Agreement may contain additional provisions regarding security requirements and processes.
Your information may be transferred to, and maintained on, computers located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction, however, any such transfers shall comply with the Corporate Agreement. In doing so we will comply with the applicable data protection laws.
Our Policy Towards Children
This Service is not directed to children. We do not knowingly collect Personal Information from children. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. If we become aware that a child has registered for the Service and has provided us with Personal Information, we will delete such information from our files.
Duration of Processing
Personal Data will be processed by the Supplier for the duration of the Service Agreement unless a longer or shorter period is agreed between the Parties in the Service Agreement or elsewhere in writing.
Deletion of data
You may request the deletion of your data at any point in time. Therefore, please contact us at the address at the bottom of the policy. The data delete process will take a maximum of 90 days.
You can also contact your Employer for assistance in Data Protection related matters.