Privacy Policy of hive.one

Version from: 12 July 2019

This privacy policy (“Privacy Policy”) explains who we are, how we process (i.e. collect, record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, disseminate or otherwise make available, align or combinate, restrict, erase or destruct) personal information about you, and how you can exercise your privacy rights. We are Borg Collective GmbH, a limited liability company established under the laws of the Federal Republic of Germany, with registered office at: Scharnhorststraße 24, 10115 Berlin, Federal Republic of Germany, Registration Court: Amtsgericht Charlottenburg (Berlin), Id. No.: HRB 197356 B (“we”, “our” or “us”), the operator of the website hive.one (“Website”). This Privacy Policy applies to Personal Data that we collect and process through the Website.

By accessing and using the Website or otherwise providing us with your Personal Data, for example when contacting our customer service, you confirm that you have read and that you understand the way we collect, process, use and disclose your Personal Data as described in this Privacy Policy. By accessing and using the Website, you agree to be bound by this Privacy Policy and consent to our processing of information as specified therein.

This Privacy Policy applies to all visitors, users, and others who access the Website ("Users").

For information collected under this Privacy Policy, we are the Data Controller. Regarding any Personal Data issues we may be contacted at privacy@hive.one.

With respect to the Users from European Economic Area (“EEA”), we collect and process their Personal Data in accordance with all applicable EU data protection laws and regulations, including, without limitation, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 applicable as of 25 May 2018.

General

Your Personal Data privacy and security is important to us and we always pay special attention to ensure that we process your Personal Data lawfully in accordance with one of the legal bases set out under the EU data protection laws and regulations that apply to the Users. We store your Personal Data for as long as needed in order to fulfill the purposes outlined in this Privacy Policy. We may store the Personal Data longer, but only in a way that it cannot be tracked back to you. In order to provide the Users with the best possible Services through the Website, we may share some Personal Data of the Users with the companies directly or indirectly affiliated with us. We do not share the Personal Data and/or any other information about the Users with any other third parties. We may transfer the Personal Data of Users outside of the EEA. Please check regularly for changes to this Privacy Policy.

The Website may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their privacy policies. Please check the individual privacy policies before you submit any information to those websites and/or applications.

1. Definitions and legal references

Personal Data

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through the Website (or third-party services employed in the Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use the Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Website) and the details about the path followed within the Website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Website.

Service

The service provided by the Website as described in the relative terms (if available) and on the Website.

Cookies

Small sets of data stored in the User's device.

2. Types of Personal Data collected

Among the types of Personal Data that the Website collects, by itself or through third parties, there are: email address; Cookies; Usage Data; username; country; first name; various types of Personal Data; profession; picture; city.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this Privacy Policy or by specific explanation texts displayed prior to the Personal Data collection.

We do not request or intend to collect any “special categories of Personal Data” such as Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Kindly be cautious when sharing this information about yourself (or others).

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using the Website.

Unless specified otherwise, all Personal Data requested by the Website is mandatory and failure to provide this Personal Data may make it impossible for the Website to provide its services. In cases where the Website specifically states that some Personal Data is not mandatory, Users are free not to communicate this Personal Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact us.

Any use of Cookies – or of other tracking tools – by the Website or by the owners of third-party services used by the Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party Personal Data obtained, published or shared through the Website and confirm that they have the third party's consent to provide the Personal Data to us.

3. Methods of processing the Personal Data

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Personal Data.

The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to us, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by us. The updated list of these parties may be requested from us at any time.

4. Legal basis of processing the Personal Data

We will collect and process your Personal Data for the purposes described in this Privacy Policy on one of the following legal basis:

  • Legitimate Interests. This covers information and Personal Data that is processed by us for the purposes that can be reasonably expected within the context of your use of our services through the Website to pursue our legitimate interests in order to ensure you have the best experience when using the Website, to make sure your information is secure and to provide to you the features of the Website. We pay special attention to your Personal Data protection rights making sure that your Personal Data protection rights are not overridden by our legitimate interests. We rely on our legitimate interests and/or the legitimate interests of our affiliates for Personal Data processing for analytics, tracking and fraud prevention, push-notifications, cross-promotion, and contextual advertising purposes.
  • Consent. Where we ask for your consent to use your Personal Data for a particular purpose, we will make this clear at the point of collection and we will also make clear how you can withdraw your consent. We will ask for you consent before sharing any information with our advertising partners for the purposes of personalized advertising and before conducting any surveys.
  • Legal Obligation. This covers information that is processed by us to comply with a legal obligation.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

5. Place of processing the Personal Data

The Personal Data is processed at our operating offices and in any other places where the parties involved in the Personal Data processing are located.

Personal Data of the Users may be transferred to and processed in countries other than the country in which the Users are resident. These countries may have data protection laws that are different to the laws of User’s country.

This means that when we collect your Personal Data, we may process it in other countries. However, we ensure appropriate safeguards are in place so that your Personal Data will remain protected in accordance with this Privacy Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Data between us and third party service providers and partners, which require us to protect Personal Data they process from the EEA in accordance with the applicable EU data protection laws and regulations. It also includes transferring Personal Data to third party service providers and partners which are certified under the EU-US Privacy Shield.

6. Recipients of Personal Data

Personal Data collected through our Website, and as part of our customer service are stored on the secured servers.

In general only the Website administrator may access your Personal Data stored on the secured servers.

For purposes of providing the Users with high quality Services through our Website, we may transmit the necessary Personal Data to the companies that are directly or indirectly affiliated with us and who may process the Personal Data of the Users on our behalf. These affiliated companies are contractually obligated to treat your Personal Data confidentially and to use them exclusively for purposes of improving the Services provided through the Website, as applicable. We do not disclose the Personal Data of the Users to any other third parties. However, in the case of the disclosure of your Personal Data to any such third parties, the scope of the Personal Data transmitted is limited to the minimum required.

Furthermore, unless this Privacy Policy specifies otherwise, we will only disclose your Personal Data to third parties if we are authorized or obligated to do this based on legal provisions or official or court orders or if you have given us your express consent to do so.

7. Retention periods

Your Personal Data are not kept by us for longer than the time necessary to achieve the specific data processing purposes described herein, unless shorter or longer retention periods apply under the applicable EU data protection laws and regulations.

We may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

8. The purposes of processing the Personal Data

We use the Personal Data we collect about you to deliver our Services to you through the Website and to operate our business. We use it also for improving our Services, for enhancing security and for analytics and research purposes to make sure we provide you with the best experience. In addition, we use your Personal Data to promote our Services. We use your Personal Data also for tracking and fraud prevention and for complying with our legal obligations.

We collect and process your personal data for the following purposes:

  1. Delivering and improving our Services. We use your Personal Data for developing, delivering and improving our Services through the Website, other content, tailoring our services, understanding and analyzing trends in connection with usage of our services through the Website, and administering the Website.
  2. Analytics and research. We use your Personal Data for understanding and analyzing trends in connection with the usage of our Services through the Website, gathering demographic information about our Users base. We may also create reports and analysis for the purposes of research or business intelligence, for example to track potential problems or trends with the Website, or to test the Website features and content.
  3. Security. We use your Personal Data for enhancing the safety and security of our services through the Website.
  4. Customer Support. We use your Personal Data for providing customer support to you and to respond to your inquiries.
  5. Our legal obligations. We use your Personal Data when we are required to do so by law.

Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this Privacy Policy.

9. Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

a) Access to third-party accounts

This type of service allows the Website to access Personal Data from your account on a third-party service and perform actions with it.

These services are not activated automatically, but require explicit authorization by the User.

  • Twitter account access (Twitter, Inc.)

This service allows the Website to connect with the User's account on the Twitter social network, provided by Twitter, Inc.

Personal Data collected: various types of Personal Data as specified in the privacy policy of Twitter, Inc..

Place of processing: United States – Privacy Policy. Privacy Shield participant.

b) Analytics

The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of User behavior.

  • Analytics collected directly (this Website)

This Website uses an internal analytics system that does not involve third parties.

Personal Data collected: Cookies; Usage Data.

  • Google Analytics with anonymized IP (Google Ireland Limited)

Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Personal Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.

Google may use the Personal Data collected to contextualize and personalize the ads of its own advertising network.

This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the EEA. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.

Personal Data collected: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

  • Amplitude (Sonalight, Inc.)

Amplitude is an analytics service provided by Sonalight, Inc.

This service is designed for mobile apps analytics and can collect various information about your phone, highlighted in the Amplitude privacy policy.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy.

c) Backup saving and management

This type of service allows us to save and manage backups of the Website on external servers managed by the service provider itself. The backups may include the source code and content as well as the data that the User provides to the Website.

  • Backup on Google Drive (Google Ireland Limited)

Google Drive is a service to save and manage backups provided by Google LLC.

Personal Data collected: various types of Personal Data as specified in the privacy policy of Google.

Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

d) Contacting the User

  • Mailing list or newsletter (the Website)

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning the Website. Your email address might also be added to this list as a result of signing up to the Website or after making a purchase.

Personal Data collected: email address; first name; Usage Data.

e) Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of the Website and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.

  • Google Fonts (Google Ireland Limited)

Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows the Website to incorporate content of this kind on its pages.

Personal Data collected: Usage Data; various types of Personal Data as specified in the privacy policy of Google.

Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

f) Hosting and backend infrastructure

This type of service has the purpose of hosting Personal Data and files that enable the Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of the Website. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

  • Amazon Web Services (AWS) (Amazon Web Services, Inc.)

Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.

Personal Data collected: various types of Personal Data as specified in the privacy policy of Amazon.

Place of processing: Germany – Privacy Policy. Privacy Shield participant.

g) Interaction with data collection platforms and other third parties

This type of service allows Users to interact with data collection platforms or other services directly from the pages of the Website for the purpose of saving and reusing data.

If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.

  • Mailchimp widget (The Rocket Science Group LLC)

The Mailchimp widget is a service for interacting with the Mailchimp email address management and message sending service provided by The Rocket Science Group LLC.

Personal Data collected: email address; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

h) Interaction with external social networks and platforms

This type of service allows interaction with social networks or other external platforms directly from the pages of the Website.

The interaction and information obtained through the Website are always subject to the User’s privacy settings for each social network.

This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.

It is recommended to log out from the respective services in order to make sure that the processed data on the Website isn’t being connected back to the User’s profile.

  • Twitter Tweet button and social widgets (Twitter, Inc.)

The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

i) Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.

These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

  • Sendgrid (Sendgrid)

Sendgrid is an email address management and message sending service provided by Sendgrid Inc.

Personal Data collected: Cookies; country; email address; Usage Data; username.

Place of processing: United States – Privacy Policy.

  • Mailchimp (The Rocket Science Group, LLC.)

Mailchimp is an email address management and message sending service provided by The Rocket Science Group, LLC.

Personal Data collected: email address; Usage Data; username.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

j) Managing landing and invitation pages

This type of service helps with building and managing landing and invitation pages, i.e., pages for presenting a product or service, where you may add your contact information such as an email address.

Managing these pages means that these services will handle the Personal Data collected through the pages, including Usage Data.

  • Mailchimp Landing Page (The Rocket Science Group LLC)

Mailchimp Landing Page is a landing page management service provided by The Rocket Science Group LLC, that allows the Website to collect the email addresses of Users interested in its service.

Mailchimp Landing Page allows the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of the created landing pages.

Personal Data collected: email address; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

k) Registration and authentication

By registering or authenticating, Users allow the Website to identify them and give them access to dedicated services.

Depending on what is described below, third parties may provide registration and authentication services. In this case, the Website will be able to access some Personal Data, stored by these third-party services, for registration or identification purposes.

  • Twitter OAuth (Twitter, Inc.)

Twitter Oauth is a registration and authentication service provided by Twitter, Inc. and is connected to the Twitter social network.

Personal Data collected: various types of Personal Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

l) Social features

  • Inviting and suggesting friends (the Website)

The Website may use the Personal Data provided to allow Users to invite their friends - for example through the address book, if access has been provided - and to suggest friends or connections inside it.

Personal Data collected: various types of Personal Data.

  • Public profile (the Website)

Users may have public profiles that other Users can display. In addition to the Personal Data provided, this profile may contain Users' interactions with the Website.

Personal Data collected: city; country; picture; profession; username.

m) Tag management

This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralized fashion.

This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.

  • Google Tag Manager

Google Tag Manager is a tag management service provided by Google Ireland Limited.

Personal Data collected: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

n) Infrastructure monitoring

  • Rollbar (Rollbar, Inc.)

Rollbar is a monitoring service provided by Rollbar, Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

10. Rights of Users

As an individual whose personal data is processed as described in this Privacy Policy, you have a number of rights which are summarized below. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable laws and regulations.

You can exercise these rights at any time by sending us relevant requests to privacy@hive.one.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Personal Data. Users have the right to object to the processing of their Personal Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Personal Data. Users have the right to learn if Personal Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected.
  • Restrict the processing of their Personal Data. Users have the right, under certain circumstances, to restrict the processing of their Personal Data. In this case, we will not process their Personal Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Personal Data from us.
  • Receive their Personal Data and have it transferred to another controller. Users have the right to receive their Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.

In case you have a complaint about the processing of your personal data, you have the right to lodge a complaint with a competent supervisory authority.

Details about the right to object to processing of Personal Data

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this Privacy Policy.

11. Direct Marketing

We may from time to time process your Personal Data to send you marketing emails about Services that we provide through the Website. In this case your prior consent is required. These emails may contain features that help us make sure you received and were able to open the message. Furthermore, these emails may contain features to identify you when you click through a marketing email to visit the Website.

You may opt out of receiving marketing emails at any time, free of charge, by following the instructions in any marketing communication. Furthermore, you may select the frequency at which you receive marketing emails or unsubscribe if you no longer wish to receive marketing emails, by visiting the unsubscribe page, or by sending us relevant requests to privacy@hive.one.

12. Security

We have implemented appropriate technical and organizational measures to protect the confidentiality, security and integrity of the collected information, and to prevent unauthorized access and the use of information contrary to this Privacy Policy. We use commercially reasonable efforts to assure that your information remains secure when maintained by us.

13. Cookies and Cookie Policy

This Website uses Cookies. Cookies are text files that are stored in the Internet browser or on the Internet browser on the computer system. When the Website is called, a cookie can be stored on the operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the Website is reopened. However, this does not mean that we are immediately aware of your identity.

The use of Cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on the Website. These are automatically deleted after leaving the Website.

Cookies are stored on the computer of the User and transmitted by this computer on our side. Therefore, as a User, you have full control over the use of Cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of Cookies. Already saved Cookies can be deleted at any time. This can also be done automatically. If Cookies are disabled for the Website, it may not be possible to use all the features of the Website to the full extent.

To learn more and for a detailed Cookie notice, the User may consult the Cookie Policy.

14. Additional information for the Users

Legal action

The User's Personal Data may be used for legal purposes by us in front of the respective courts or in the stages leading to possible legal action arising from improper use of the Website or the Services.

Additional information about User's Personal Data

In addition to the information contained in this Privacy Policy, the Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, the Website and any third-party services may collect files that record interaction with the Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this Privacy Policy

More details concerning the collection or processing of Personal Data may be requested from us at any time. Please see the contact information stated in this Privacy Policy.

How “Do Not Track” requests are handled

The Website does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their own privacy policies.

Changes to this Privacy Policy

We will occasionally update this Privacy Policy as necessary to protect our users, furnish current information, and respond to legal and technical changes. The most current version of the Privacy Policy will govern our use of your information and will be available at hive.one/privacy-policy/.

For previous versions of this Privacy Policy, please contact us at privacy@hive.one.

15. Contact us

If you have questions or concerns about this Privacy Policy, please contact us through one of the following ways:

  1. For privacy questions and exercising your rights at privacy@hive.one.
  2. If you have a concern or compliance regarding our treatment of your Personal Data you can contact the relevant data protection authority. You can find contact details of data protection authority at https://edpb.europa.eu/about-edpb/board/members_en. For more information on which authority to contact, please email us at privacy@hive.one.
  3. For general information, please feel free to contact us via email to privacy@hive.one.