1. Contact Information
General contact info:
72 Stork Street
Brgy. Montevista, Bacolod City
Negros Occidental, Philippines 6100
HYBrain has appointed a data protection officer (DPO).
You may contact HYBrain’s DPO Nubbin Endonila Bito-on at firstname.lastname@example.org.
2. Applicability and Eligibility
The Services are not directed to children under the age of 18. You may not use the Services if you are under the age of 18. If you are under the age of 18, you should not provide any information on our Services.
3. Purpose of Personal Data Collection
We use the information we receive about you for the purposes described in this policy. We generally process personal data received about you through our Services on the legal basis of our legitimate interests in providing the Services and their functionality to you where such processing is necessary for the purposes of the legitimate interests pursued by us or by our Service Providers related to the Services. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing. We will not share, sell, rent, or otherwise disclose your personal data to third parties without your consent or another valid legal basis permitted by law.
We will share your information in the following circumstances on the legal basis of the legitimate interests of providing the requested Services:
Service Providers: We use third parties to support our business and provide services such as receiving, processing and fulfilling orders, encrypting credit card data as a further measure of securing the data, processing credit card payments, processing product reviews, technical support, and providing comparative performance information relative to our site (“Service Providers”). These third parties have only limited access to your information and may use your information only to perform these tasks on our behalf. Information we share to our Service Providers may include both information you provide to us and information we collect about you, including personal data and information from data collection tools like cookies, web beacons, and log files.
We may disclose the personal data that you have provided to us to Service Providers that we have engaged to perform business-related functions on our behalf, but only:
- to contractors we use to support our business (such as fulfillment services, technical support, delivery services, and financial institutions) or assist in providing the Services, in which case we will require such third parties to agree to treat your personal data in accordance with this policy and use it for the same purposes;
- to respond to law enforcement requests or where required by applicable laws, court orders, or government regulations.
Business transactions: We may purchase other businesses or their assets, sell our business assets, or be involved in a bankruptcy, merger, acquisition, reorganization or sale of assets (a “Business Transaction”). Your information, including personal data, may be among assets sold or transferred as part of a Business Transaction. In some cases, we may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enables our organization to develop over the long term.
Safety and Lawful Requests: We may be required to disclose Services user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We generally do not disclose user information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Services or using our name, or to protect the safety of any person. This may include sharing information with other companies, lawyers, agents, or government agencies. Nothing in this policy is intended to limit any legal defenses or objections that you may have to a third-party’s, including a government’s or request to disclose your information.
Social gatherings: If you are a business or organization that has scheduled a conference, event, or meeting at one of our facilities, we may also share your personal data with our event organizers. We also use return e-mail addresses to answer the email we receive from you. Your e-mail address will not be used for any other purpose or shared with outside third parties for their direct marketing purposes. We may also use your IP address to help protect HYBrain and our Service Providers from fraud.
Employment opportunities: If you submit a resume or seek to fulfill other staffing requirements, we will use that information solely in connection with your application for current or future staffing requirements, and we may also share your resume or application information with our business partners or affiliates that have staffing requirements for which you may be qualified.
Other purposes: HYBrain may also disclose your personal data as is necessary to:
- comply with a subpoena or court order;
- cooperate with law enforcement or other government agencies;
- establish or exercise our legal rights;
- protect the property or safety of our company and employees, contractors, vendors, suppliers, and customers;
- defend against legal claims;
- help with internal and external investigations; or
- as otherwise required by law or permitted by law.
We may disclose your information in connection with the sale or merger of HYBrain or any transaction that involves the sale or assignment of some or all of our assets.
Aggregated Non-Personal Data: We may disclose aggregated, non-personal data received from providing the Services, including information that does not identify any individual, without restriction. We may share demographic information with business partners, but it will be aggregated and de-personalized, so that personal data is not revealed.
4. Personal Data Collection
We define personal data as any information relating to an identified or identifiable natural person, and an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
We rely on a number of legal bases to process the information we receive about you from your use of the Services, including where:
- you have consented to the processing;
- the processing is necessary to perform the contractual obligations in order to provide the Services to you, including those of our terms of service;
- necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims;
- necessary to protect your vital interests, or those of others;
- necessary in the public interest;
- necessary for the purposes of our or a third-party’s legitimate interests, such as those of visitors, users, or partners; and
- you have expressly made the information public.
Where we process your information on the basis of consent, we will clearly obtain your opt-in consent. Where given, you may withdraw your consent at any time by contacting us at email@example.com. Where we process your information on the basis of legitimate interests, we do so where the processing is necessary for your legitimate interests or the legitimate interests of a third-party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
Information we may collect about you
Account Information: You may register for an account with us (a “Services Account”). We do not require you to register to use our Services. However, if you do register a Services Account, you will gain access to those areas and features of the Services that require registration. We will collect certain information about you in connection with your registration for a Services Account, which may include personal data and other information such as a username and password.
To register for a Services Account, we will ask you to provide the following:
- Your first and last name, email, company size, password, phone (optional), and Skype handle (optional).
- You may optionally upload your photo.
To register your organization for a Services Account, we will ask you to provide the following:
- Your organization name, team size, currency, logo (optional), preferred settings, team member’s email and role.
- Information about a job offered or desired, your skills and experience, your company or agency, and related information shared through HYBrain Talent.
Payment Transaction Information: We may collect information related to purchases made through the Services. You may provide certain information to complete payments via the Services, including your credit or debit card number, card expiration date, CVV code, and billing address (collectively, “Payment Information”), along with your name and billing, delivery and shipping address, to complete payment transactions through certain services.
Correspondence Information: If you sign up, email us, subscribe to our blog, newsletters, or mailing lists, we may keep your message, email address, and contact information to respond to your requests, provide the requested products or Services, and to provide notifications or other correspondences to you. We do not share or sell any personal data to other organizations for commercial purposes.
If you do not want to receive communications from us in the future, please let us know by sending us an e-mail requesting the same to firstname.lastname@example.org or by following the unsubscribe instructions found in any e-mail we send. If you supply us with your postal address, you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by contacting us at email@example.com.
Please note requests to remove your email address from our lists may take some time to fulfill. We may also still contact you as needed to provide important announcements or notifications regarding the Services.
Support Information: You may provide information to us via a support request submitted through the Services. We will use this information to assist you with your support request. Please do not submit any information to us via a support submission, including confidential or sensitive information that you do not wish for our Service Providers to have access to or use in the future.
Form Information: We may use forms to request certain information from you on the Services, such as your contact information to assist with contacts or service requests. This information may include personal data.
User contributions: You also may provide information to be posted on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and bio metric data).
5. Information collected automatically
We use automatic data collection and analytics technologies to collect aggregate and user-specific information about your equipment, domain name, patterns of use, communication data and the resources that you access and use on the Services, including your IP address, browsing and navigation patterns. This information is used to improve our Services.
We generally process information collected automatically on the legal basis of our legitimate interests in assessing the use of our Services. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing.
Information we collect automatically through your services include
Internet browser: Your Internet browser automatically transmits certain anonymous information when you use certain Services. As you navigate through our Services, we and our partners who include third-party Service Providers (as defined below) we engage to help provide our Services, may use automated means to collect various types of information about you, your computer or other device used to access our Services.
A representative, non-exhaustive list of the types of automatically collected information may include:
- network or Internet protocol address and type of browser you are using (e.g., Chrome, Safari, Firefox, Internet Explorer);
- the type of operating system you are using (e.g., Microsoft Windows or Mac OS), the name of your Internet service provider (e.g., Comcast, Verizon or AT&T) and domains used by such providers, mobile network, device identifiers (such as an Apple IDFA or an Android Advertising ID);
- device settings;
- browser settings;
- the web pages of the Services you have visited;
- Services visited before, and after your visit a Service, the type of handheld or mobile device used to view the Service (e.g., iOS, Android); or
- location information, and the content and advertisements you have accessed, seen, forwarded and/or clicked on.
We, along with our Service Providers, may use and combine such collected anonymous information to provide better service to site visitors, tailor the site based on your preferences, compile and analyze statistics and trends, monitor website activity and performance and otherwise administer and improve the site for your use. However, such information is not combined with your personal data collected.
Geo-location information: If you are accessing our Services from a mobile device or through a mobile application, you may be asked to share your precise (GPS level) Geo-location information with us so we can customize your experience on our Services. If you agree to such collection, in most cases, you will be able to turn off such data collection at any time by accessing the privacy settings of your mobile device and/or through the setting in the applicable mobile application.
Information collected by and from social media services and other third-party platforms: Our users can engage in content on or through social media services or other third-party platforms, such as Facebook, or other third-party social media plug-ins, integrations and applications. When you engage in our content on or through social media services or other third-party platforms, plug-ins, integrations or applications, you may allow us to have access to certain information in your profile. This may include your:
- email address;
- location; and
- ID associated with the applicable third-party platform or social media account user files, like photos and videos, your list of friends or connections, people you follow and/or who follow you, or your posts or “likes.”
When we interact with you through our content on third-party websites, applications, integrations or platforms, we may obtain any information regarding your interaction with that content, such as content you have viewed and information about advertisements within the content you have been shown or may have clicked on.
Analytics information: We use data analytics to ensure site functionality and improve the Services. We use mobile analytics software to allow us to understand the functionality of the Services on your phone. This software may record information such as how often you use the Services, what happens within the Services, aggregated usage, performance data, app errors and debugging information, and where the Services were downloaded from. We do not link the information we store within the analytics software to any personal data that you submit within the mobile application.
Log file information: When you use our Services, we may receive log file information such as your
- IP address;
- browser type;
- access times;
- domain names operating system;
- the referring web page(s);
- pages visited;
- your mobile carrier;
- device information (including device and application IDs);
- search terms;
- and cookie information.
We receive log file data when you interact with our Services, for example, when you visit our website, sign in to our Services, or interact with our email notifications. We use log file data to provide, understand, and improve our Services, and to customize the content we show you. We may link this log file to other information we collect about you via the Services.
Information collected by our desktop applications (Mac, Windows and Linux): We may also collect screenshots, applications currently being worked on, web URLs visited, time you are active, the operating system you are using, whether or not you have an input device such as a monitor, whether your mouse is actively moving or not, the names of projects or tasks being worked on, the amount of time worked on those tasks, the browser version you are using, and whether your keyboard is being typed on.
Note: HYBrain is not a keylogging program. It does not know what you are typing; rather, HYBrain merely records whether your keyboard is active or inactive. All HYBrain screenshots are uploaded via SSL over the standard HTTPS port (443). Our input clients do all screenshot uploading directly to Amazon S3 (screenshots never pass through our server). We do not upload keystrokes. (We do not even store keystrokes locally.) We upload the total seconds within a 10 min block that there was “activity” and the total seconds “worked” roughly every 10 minutes. This is done via a separate queue within the client which uses SSL (port 443). Additionally, your screenshots are obfuscated on Amazon’s servers.
Cookies: Under the laws of various EU countries, including, without limitation cookies may be served, as long as individuals have provided their consent, having been given clear and comprehensive information, in particular about the purposes for which their personal data will be processed. In at least the above-referenced countries, effective consent may be provided by using browser settings, as long as you take positive action. Before using HYBrain websites, you are advised to check your current browser settings to ensure that the settings reflect your consent for HYBrain to place cookies on your devices. You do not have to accept our cookies and you may set your browser to restrict their use and you may delete them after they have been placed on your hard drive. If you do not accept or delete our cookies, some areas of our websites may take more time to work, or may not function properly.
Information collected by the HYBrain mobile app (iOS and Android): HYBrain uses the GPS device on your phone to store its location and display this on a map at www.hybrain.co and your mobile device. This data is only collected if the mobile app is being used.
Other web technologies: Our Service Providers (defined below) may also use other standard web-based technologies to analyze your movements while accessing our Services. The technologies include web “beacons,” “pixel tags,” and “clear gifs.” These technologies help us ascertain the effectiveness of our product and service campaigns and marketing programs, allow us to customize the services offered on or through our websites, and help determine the best use for websites content, and product and service offerings. Some of this information, including the IP address, may be stored on our Service Provider’s server logs, and may be available for extended periods of time.
Advertisements: Our display advertising partner, AdRoll, then enables us to present you with retargeting advertising on other sites based on your previous interaction with the HYBrain’s website. The techniques our partners employ does not collect personal data such as your name, email address, postal address or telephone number.
You can visit this page (http://www.networkadvertising.org/choices) to opt out of AdRoll and their partners’ targeted advertising.
6. Your Rights
We seek to ensure all individuals are provided with the rights mandated by their governing jurisdiction. Not all of the rights discussed in this policy will apply to each individual data subject and may not apply to you depending upon your jurisdiction.
You may benefit from a number of rights in relation to your information that we process. Some rights apply only in certain limited cases, depending on your location. If you would like to manage, change, limit, or delete your personal data, you can do so by contacting us at firstname.lastname@example.org. Upon request, we will provide you with information about whether we hold any of your personal data. In certain cases where we process your information, you may also have a right to restrict or limit the ways in which we use your personal data. In certain circumstances, you also have the right to request the deletion of your personal data, and to obtain a copy of your personal data in an easily accessible format.
To the extent that such rights are mandated by the laws applicable to the individual data subject, such as all data subjects residing in the European Union (“EU”), the following rights may apply:
- the right to access (GDPR, Article 15);
- the right to rectification (GDPR, Article16);
- the right to erasure (GDPR, Article 17);
- the right to restrict processing (GDPR, Articles 18);
- the right of object (GDPR, Article 21);
- the right to data portability (GDPR, Article 20); or
- the right to lodge a complaint with an appropriate data privacy regulatory authority (GDPR, Article 77).
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Attributes is available here: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
If your further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of the specific details in response to your request.
If we process your information based on our legitimate interests as explained in this policy, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate ground to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing purposes, you can always object using the unsubscribe link in such communications or changing your account settings.
Where you have provided consent to certain data processing, you have the right to withdraw that consent at any time by contacting us at email@example.com. A withdrawal of consent will not affect the validity of our use of your personal data up until the point you have withdrawn your consent.
If you no longer wish to use the Services or receive service-related messages (except for legally required notices), then you may contact us using the information above.
If you use HYBrain in your capacity as an employee, your employer has direct access to your data. If you are an independent contractor, the person or entity with whom you contract has direct access to your data. In addition, HYBrain employees may have access to your data for testing or the general improvement of our software, to notify you about changes to our website or any products or services we offer or provide through it, or to fulfill the purpose for which you provided it. See our terms of service at https://hybrain.co/terms for additional information in this regard.
Access to the information we have collected about you: We provide certain tools and settings within the Services to help you access, correct, delete, or modify your personal data associated with the Services. You may also contact us regarding the information we have collected about you, including regarding the nature and accuracy of the data that has been collected about you, to request an update, modification, or deletion of your information, to opt-out of certain Services uses of your information, or to withdraw any consent you may have granted to us. Please note that if you choose to delete your information or opt-out of the collection and use of your information, you understand that certain features, including but not limited to access to the Services, may no longer be available to you.
Data retention: We will retain your information only for as long as is necessary for the purposes set out in this policy, for as long as an account is active or as needed to provide the Services to you. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this policy. We also retain log files for internal analysis purposes. These log files are generally retained for a brief period of time, except in cases where they are used for site safety and security, to improve site functionality, or we are legally obligated to retain them for longer time periods. We may delete your personal data from our systems as part of a data retention plan. Following termination or deactivation of a Services Account, we may retain your information and content for a commercially reasonable time for backup, archival, and audit purposes.
Opting-out of communications from us: Users may opt-out of receiving certain communications from us by following the unsubscribe process described in email communication, or by contacting us using the contact information provided above. However, please note you may not opt-out of certain Services-related communications, such as account verification, changes or updates to features of the Services, or technical and security notices.
Do Not Track: We do not currently employ a process for automatically responding to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Per industry standards, third parties may be able to collect information, including personal data, about your online activities over time and across different websites or online services when you use Services. You may opt out of online behavioral ads at http://www.aboutads.info/choices. You also may limit certain tracking by disabling cookies in your Internet browser.
7. Data Security
The security of your personal data is important to us. We take reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration and destruction. We implement security measures as we deem appropriate and consistent with industry standards. As no data security protocol is impenetrable, we cannot guarantee the security of our systems or databases, nor can we guarantee that personal data we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information you transfer to or from Services is provided at your own risk.
Please do your part to help us keep your information secure. Services Account information is protected by a password. It is important that you protect against unauthorized access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services. You are responsible for maintaining the confidentiality of your password and Services Account, and are fully responsible for all activities that occur under your password or Services Account. We specifically reserve the right to terminate your access to the Services and any contract you have with us related to the Services in the event it learns or suspects you have disclosed your Services Account or password information to an unauthorized third-party.
We make reasonable efforts to ensure that our other Service Providers have implemented physical, electronic, and procedural security measures to assist with safeguarding your personal data, and to help protect against unauthorized access and disclosure. Only our authorized personnel and our Service Providers who perform legitimate business functions for HYBrain are authorized to access your personal data. Notwithstanding our efforts, the Internet has inherent security risks. HYBrain cannot promise, and you should not expect, that your personal data, personal searches, and other communications will always remain secure. You should take care with regard to how you handle and disclose your personal data or any username or password that you are required to use to access services on our websites.
8. Data Protection Responsibilities
Where you act for a company processing personal data, or where you provide us the personal data of individuals, you are acting as a data controller, and HYBrain is the data processor. As a data controller, you are responsible for protecting the personal data you process and complying with all relevant legal requirements when you use the Services. This includes applicable data protection and privacy laws that govern the ways in which you can use personal data. Data controllers are also responsible for protecting personal data they provide to their data processors and must have a written agreement in place governing the details of the processing. You may find HYBrain’s standard data processor agreement linked via the Services, or contact us at firstname.lastname@example.org to request a copy.
9. Children and Data Collection
HYBrain’s websites are general audience websites. HYBrain’s website content is not directed toward children who are under the age of 18. We do not knowingly collect personal data from children or minors. If HYBrain or its Service Providers become aware that a child or minor has provided us with personal data without parental consent, that information will be deleted from our databases. If you have questions about personal data that may have been submitted by a child, please email us at email@example.com.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using (an independent resourced mechanism) as a third-party resolution provider.