1. Information we receive in connection with our eDiscovery, hosting, consulting and other services, including online tools such as H5 Matter Intelligence and Collaboration Center, other than the “H5 Broadcast” section of the Collaboration Center (collectively, the “H5 Services”), and
1. Privacy Practices Specific to H5 Services
a. Information Collected Through the H5 Services
Through some H5 Services, we receive information from or on behalf of our customers. Because of the nature of our services, this information may contain any type of personal data.
b. Uses of Information Collected Through the H5 Services
Subject to our contractual obligations, and depending on the particular H5 Services, we use information described above as follows:
H5 Collaboration Center features online areas in which H5 customer personnel can interact with each other and with other customer-selected third parties (such as personnel from third-party law firms or consultants hired by the customer).
c. Disclosures of Information Collected Through the H5 Services
Subject to our contractual obligations, and depending on the particular H5 Services, we share the information described above as follows:
For those purposes, we may share information with:
2. Privacy Practices Specific to H5 Business Data
a. Information We Collect
H5 Business Data consists of contact details, information about an individual’s interactions with H5 or our partners, payment information and inferences drawn from these data points.
We obtain H5 Business Data directly from the relevant individuals (such as on the H5 Websites or at events), and also from third-party sources, such as their employers, referrals, marketing or lead generation companies, and social networking platforms (e.g., LinkedIn).
We and third parties may use automated means to read or write information on individuals’ devices, such as in various types of cookies and other browser-based or plugin-based local storage. Cookies are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from an individual’s device for purposes such as recognizing the device, service provision, record-keeping, analytics and marketing. You may choose to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. However, if you block or otherwise reject our cookies, certain websites (including our own websites) may not function properly.
In some cases, we facilitate the collection of information by advertising services administered by third parties. The ad services may track individuals’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show individuals advertisements that are tailored to their interests or characteristics and/or based on prior visits to certain sites or apps, or other information we know, infer or have collected from them. For example, we and the third-party vendors may use first-party cookies and third-party cookies together, as well as other automated means and other data (such as the data described above) (i) to recognize individuals and their devices, (ii) to inform, optimize, and serve H5 ads and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps). For controls specific to advertising and analytics services offered by Google, click here and here. For controls related to some of our other advertising partners, visit the DAA Consumer Choice page. You can also use specific controls for our advertising partners Linkedin, ListenLoop, and Pinterest. Visitors from IP addresses in the United Kingdom (“UK”), European Economic Area or Canada are automatically presented with a cookie consent tool that provides details and options for these and additional cookies. For more information about that tool or our cookies generally, or to use the tool from an IP address in the UK, European Economic Area or Canada, please visit this page. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again.
b. Use of H5 Business Data
H5 uses and discloses H5 Business Data as follows:
c. Disclosures of H5 Business Data
Subject to our contractual obligations, and depending on the particular H5 Website or business process at issue, we share the information described above as follows:
For those purposes, we may share information with:
d. Legal Basis for Processing H5 Business Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing H5 Business Data are as follows:
– Customer service
– Protecting our customers, personnel and property
– Analyzing and improving our business
– Managing legal issues
3. Additional Information About Our Privacy Practices (applicable to both H5 Services and H5 Business Data)
a. Security of Your Personal Information
Transmission and storage of electronic information is never 100% secure or error-free. However, we have put in place physical, electronic, and administrative measures to help prevent unauthorized access, to maintain data security, and to use correctly the data we collect. You are responsible for maintaining the secrecy of any credentials that can be used to access any account or service with H5, and you must report suspected unauthorized activity to us. You are responsible for activity conducted with your credentials.
b. Personal Information Rights and Choices
To exercise any data protection rights you may have with respect to the personal data we process for a customer through H5 Services, please contact the customer. If we receive such a request for an identified customer from an individual, we may refer the request to the relevant customer and cooperate with their handling of the request, subject to any special contractual arrangement with that customer.
You may review and update certain personal information by logging in to the relevant portions of the H5 Services or H5 Websites where such information may be updated. To opt out of our marketing emails, click the unsubscribe link or email email@example.com.
Some individuals have certain legal rights (including, in certain cases, under the EU-U.S. and EU-Swiss Privacy Shield Frameworks) to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. In some cases, they can ask us to provide personal data in portable form or to transmit it to a third party. To exercise those rights, they may contact us as described at the end of this Policy. Individuals may also use the contact information below to object to our uses or disclosures of their personal data, request a restriction on its processing or to exercise any legal right to withdraw consent, though such actions typically will not have retroactive effect.
For example, individuals have a right to opt out of our processing of H5 Business Data for direct marketing purposes.
Rights under California law are described in Section 3(d) below.
The rights described here are subject to significant limitations and exceptions under the Privacy Shield Frameworks and applicable law, particularly in connection with our eDiscovery-related work.
c. International Data Protection and Privacy Shield
We recognize that the Court of Justice of the European Union ruled in July 2020 that a certification under the EU-U.S. Privacy Shield Framework no longer can serve as the basis by which entities subject to the GDPR export Personal Data to outside the UK and European Economic Area. H5’s customers also may transfer personal data to H5 on the basis of legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers. These include Standard Contractual Clauses, with or without reliance on applicable derogations under GDPR Article 49, such as transfers to H5 under Article 49(1)(e) (for transfers “necessary for the establishment, exercise or defence of legal claims”).
As affected customers who relied only on our Privacy Shield certification transition to other options (described above), H5 will continue to honor its obligation to comply with the Privacy Shield Principles with respect to such data.
When H5 receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on H5’s behalf, H5 has certain responsibility and potential liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) H5 is responsible for the event giving rise to the damage.
Covered European residents should direct any questions, concerns or complaints regarding H5’s compliance with the Privacy Shield to H5 as described at the bottom of this Policy. H5 will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible. If, after discussing the matter with H5, your issue or complaint is not resolved, H5 has agreed to participate in the Privacy Shield independent dispute resolution mechanisms listed below, free of charge to you. PLEASE CONTACT H5 FIRST.
Every individual also has a right to lodge a complaint with the relevant supervisory authority, regardless of whether Privacy Shield applies. If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at privacyshield.gov.
H5 transfers GDPR-regulated personal data from the UK and European Economic Area on the basis of EC-approved Standard Contractual Clauses in conjunction with additional safeguards. Some H5 Services also allow our customers and users to make international data transfers to third parties, for which they are solely responsible.
d. Additional detail for California residents
The specific pieces of personal information collected in the last 12 months generally fall into the following categories under California law, to the extent that any of the following are personally identifiable: identifiers (such as name, email address and other contact information); commercial information (such as information about an individual’s interests and interactions with H5, including transaction data); Internet or other network or device activity (such as records of interaction on our website); professional or employment related data (such as title); other information that identifies or can be reasonably associated with an individual; and inferences drawn from any of the above.
CCPA “sale” of California personal information
Collection and disclosure of California personal information during past 12 Months
Category of personal information collected
Categories of third parties to which it was disclosed for a business purpose
|Identifiers, such as name, email address, phone number, address, IP address||Affiliates, data storage and backup providers, marketing service providers, customer relationship management providers, accounting providers, technical service providers, and marketing and analytics companies; and entities involved in legal-related matters with H5.|
|Professional or employment-related information, such as title||Same as first row|
|Commercial information, such as information about an individual’s interests and interactions with H5, including transaction data||Same as first row|
|Internet or other electronic network activity information, such as technical data about a device and information about a device’s interactions with our website||Same as first row|
|Inferences drawn from any of the above information||Same as first row|
California privacy rights
If you are a California resident, California law may permit you to request that we:
Certain information is exempt from such requests under applicable law. For example, the CCPA has significant exceptions for certain B2B data. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights. We do not yet respond to browser-based do-not-track signals or similar mechanisms.
We will take steps to verify your identity before responding to your request, which may include requesting that you respond to an email that we send to you, or otherwise verifying your name, email address or other information that will help us to confirm your identity.
If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney. We also may require the consumer to verify their identity directly with us.
To request to exercise your CCPA rights, please contact us as described below. For security and legal reasons, H5 reserves the right not to accept requests that require us to access third-party websites or services.
e. Notification of Changes
f. Contact Information