Last updated: December 27, 2019
MightyHive operates worldwide through subsidiary and affiliate companies. A list of the MightyHive group companies (collectively, “MightyHive,” “we” or “us”) can be viewed here. MightyHive is committed to protecting the personal information of our clients and prospective clients, as well as other users of our websites and services. It is important to us that you understand how we treat your personal information and we encourage you to read this Policy carefully.
Categories of personal information we collect
Use of personal information
|Name, contact information and other identifiers: identifiers such as a name, username, account name, address, phone number, email address, online identifier, IP address, government-issued identification numbers or other similar identifiers.
Customer records: paper and electronic customer records containing personal information, such as name, signature, contact information, employment history, government identifiers, and financial or payment information.
Protected classifications: characteristics of protected classifications under California or federal law such as race, sex, age, religion, national origin, disability and citizenship.
Commercial information: such as records of real property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
Internet or other electronic network activity information: such as browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Geolocation data: precise location information about a particular individual or device.
Audio, video and other electronic data: such as, CCTV footage, photographs, and call recordings, as well as other audio, electronic, visual, or similar information.
Employment information: professional or employment-related information.
Education information: education information and records.
Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
|Operating Services and Sites and providing related support
Responding to requests
Analyzing and improving Services, Sites and our business
Advertising and marketing
Protecting our legal rights and preventing misuse
Complying with legal obligations
Related to our general business operations
Please see the Your Choices and Rights section below for a description of the choices we provide and the rights you have regarding your personal information. If you are a California resident, please be sure to review the section Additional Information for Individuals in Certain Jurisdictions below for important information about the categories of personal information we collect and disclose and your rights under California privacy laws.
Our collection, use and disclosure and processing of personal information about individuals will vary depending upon the circumstances. This privacy notice is intended to describe our overall privacy and data protection practices. In some cases, different or additional notices about our data collection and processing practices may be provided and apply to our processing of certain personal information.
Personal Information. In this Policy, our use of the term “personal information” includes other similar terms under applicable privacy laws—such as “personal information” and “personally identifiable information.” In general, personal information includes any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual.
Not Covered by this Policy. This privacy notice does not apply to job applicants and candidates who apply for employment through our job application portal, or to employees and non-employee workers, whose personal information is subject to different privacy notices.
Client Data. MightyHive provides programmatic support, consulting and campaign management services, facilitates and manages access to third-party services, and provides an innovative platform to clients to bring it all together (our “Services”). We may receive, access or otherwise process personal information in order to provide our Services (the “Client Data”) to clients. In such cases, MightyHive will only process Client Data on behalf of and under the instructions of our clients and as set out in our client agreements, or where otherwise required by applicable laws.
Controller and Responsible Party
For the purposes of GDPR, MightyHive, Inc. is the controller of your personal information. In addition, where you have a direct business relationship with another MightyHive group entity, they are a controller for the personal information they used to manage their direct business relationship with you, such as name and contact details. With respect to any Client Data, our clients are the data controllers or businesses for their respective Client Data, and we are a data processor or service provider with respect to Client Data.
Information We Collect
The personal information that we collect and process will vary depending upon the circumstances. You do not have to provide us with your personal information to access much of our Site. However, if you choose not to disclose certain information, we may not be able to provide certain Services to you or we may be unable to fully respond to your inquiry.
Sources of Personal Information. We collect personal information directly from individuals, automatically related to the use of our Site or Services, and in some cases, from third parties (such as social networks, platform providers, payment processors, and operators of certain third party services that we use).
Information collected directly. We may collect personal information about you (such as your name, address, and contact details) directly from you. For example, when you fill out a ‘Contact Us’ form, signup for our mailing lists, register for events we host or sponsor, register for an account, post comments on our Sites, or otherwise provide us information through the Sites, we may collect personal information such as:
- name, company name, and title/position
- email address, phone number, mailing address and contact details
- contact preferences and interests
- business affiliations
- for events, it may include dietary restrictions, requested accommodations and other event-related preferences
- other information related to your request or inquiry
Information collected from third parties. We may collect personal information about from third party sources, such as public databases, joint marketing partners, social media platforms or other third party platforms. For example, if you choose to link, create, or log in to your Services account with a third-party account (e.g., Google), or if you post information or engage with us on third party platforms we may collect personal information about you related to that third party platform or account. In many cases you can control what personal information you share with us through privacy settings available on those third-party social media services.
Categories of Personal Information We Collect. Certain laws, such as the California Consumer Privacy Act (“CCPA”) requires that we disclose certain information about the categories of personal information that we collect about individuals. While the information we collect varies depending upon the circumstances, such as our interactions with you, we may collect the following categories of personal information (subject to applicable legal requirements and restrictions):
- Name, contact information and other identifiers: identifiers such as a name, username, account name, address, phone number, email address, online identifier, IP address, government-issued identification numbers or other similar identifiers.
- Customer records: paper and electronic customer records containing personal information, such as name, signature, contact information, employment history, government identifiers, and financial or payment information.
- Protected classifications: characteristics of protected classifications under California or federal law such as race, sex, age, religion, national origin, disability and citizenship.
- Commercial information: such as records of real property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
- Internet or other electronic network activity information: such as browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
- Geolocation data: precise location information about a particular individual or device.
- Audio, video and other electronic data: such as, CCTV footage, photographs, and call recordings, as well as other audio, electronic, visual, or similar information.
- Employment information: professional or employment-related information.
- Education information: education information and records.
- Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Purposes and Legal Bases of Use
Certain laws, including the EU General Data Protection Regulation (“GDPR”), require that we inform you of the legal bases for our processing of your personal information. Pursuant to the GDPR (and other similar laws), we process personal information for the following legal bases:
- Performance of contract: as necessary to enter into or carry out the performance of our contract with you.
- Compliance with laws: for compliance with legal obligations and/or defense against legal claims, including those in the area of labor and employment law, social security, and data protection, tax, and corporate compliance laws.
- Our legitimate interests: in furtherance of our legitimate business interests, which are not overridden by your interests and fundamental rights, including:
- Performance of contracts with clients and other parties
- Implementation and operation of global support (e.g., IT) services for our business operations
- Improving our Site and Services, developing trend and benchmark reports, and similar purposes
- Customer relationship management and improving our Sites and Services, including other forms of marketing and analytics
- Fraud detection and prevention, including misuse of Services or money laundering
- Physical, IT, and network perimeter security
- Internal investigations
- Mergers, acquisitions, and reorganization, and other business transactions
- With your consent: where we have your consent (the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent, which you can do this at any time by contacting us using the details at the end of this privacy notice. In some jurisdictions, your use of the Services may be taken as implied consent to the collection and processing of personal information as outlined in this privacy notice.
In addition, we may process your personal information where necessary to protect the vital interests of any individual.
Purposes for Using Personal Information. The purposes for which we may process personal information will vary depending upon the circumstances In general we use personal information for the purposes set forth below, and where GDPR or other relevant laws apply, we have set forth the legal bases for such processing in parenthesis (see above for further explanation of our legal bases):
- Operating Services and Sites and providing related support: to provide and operate our Sites and Services, communicate with you about your use of the Sites and Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes. (Legal bases: performance of our contract with you; and/or our legitimate interests)
- Responding to requests: to respond to your inquiries, fulfill your orders and requests, and consider your request or application (e.g., if you have submitted a resume or other application information online or by email, we will use it as part of the application review process). (Legal basis: performance of our contract with you)
- Analyzing and improving Services, Sites and our business: to better understand how users access and use the Sites, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop services and features. (Legal basis: our legitimate interests)
- Personalizing experiences: to tailor content we may send or display on the Sites, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences. (Legal basis: our legitimate interests)
- Advertising and marketing: to promote MightyHive’s products and services on third-party websites, as well as for direct marketing purposes, including to send you newsletters, client alerts and information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. (Legal bases: our legitimate interests; and/or with your consent)
- Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. (Legal bases: our legitimate interests; and/or compliance with laws)
- Related to our general business operations: to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping and legal functions. (Legal bases: our legitimate interests; and/or compliance with laws)
Aggregate, De-identified or Anonymous Data. We also create and use aggregate, anonymous and de-identified data to assess, improve and develop our business, products and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.
Disclosure of Personal Information
In general, we disclose the personal information we collect as follows:
- Affiliates. Your personal information may be shared with our affiliated companies (list of MightyHive entities available here), whose handling of personal information is subject to this Policy.
- Service providers. We may share your information with third party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, consultants, and customer service and support providers.
- Enterprise users. If you use the Services on behalf of your company (our client), we may share personal information about your access to the Services and your communications or requests to us, with the relevant enterprise client.
- Business transfers. We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.
- Legally required. We may disclose your information if we are required to do so by law (e.g., to law enforcement, courts or others, in response to a subpoena or court order).
- Protect our rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and protect the rights, property or safety of us, our clients, and others.
Aggregate and De-identified or Anonymous Data. We may share aggregate, anonymous or de-identified data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
Categories of Personal Information Disclosed. Certain privacy laws (such as the CCPA) require that we disclose the categories of personal information that we may disclose for a business purpose. (Further descriptions of the categories of personal information are provided above, in the Information We Collect section). In general, we may disclose the following categories of personal information in support of our business purposes identified above:
- Name, contact information and other identifiers
- Customer records
- Protected classifications
- Internet or other electronic network activity information
- Geolocation data
- Audio, video and other electronic data
- Employment information
- Profiles and inferences
Categories of Personal Information Sold. The CCPA defines a “sale” as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available certain categories of personal information to third parties, in order to receive certain services or benefits from them (such as when we allow third party tags to collect browsing history and other information on our Sites to improve and measure our ad campaigns), including:
- Name, contact information and other identifiers
- Internet or other electronic network activity information
- Profiles and inferences
Cookies and Similar Devices
Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.
MightyHive is headquartered in the United States and has operations and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States) that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.
If you are in the European Economic Area, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country. You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below.
Your Choices and Rights
Access, Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, to request deletion of or object to processing of your information, please send your request to email@example.com. We may ask you for additional information so that we can confirm your identity.
Direct Marketing. You may always opt-out of direct marketing emails from us by following the instructions in such emails or emailing firstname.lastname@example.org. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
Additional Information for Certain Jurisdictions. We are committed to respecting the privacy rights of individuals under all privacy laws applicable to us. Some privacy and data protection laws require that we provide specific information about individual rights to applicable consumers, which we have set forth at the end of this privacy notice:
- California: if you are a California resident, you have certain rights, under California privacy laws, regarding your personal information as set forth below.
- EU/EEA: if you are in the European Union / European Economic Area, below we provide further details about your rights under the GDPR.
We have implemented safeguards and technical measures to protect the personal information that we have under our control from unauthorized access, use or disclosure. However, no data security measures can guarantee 100% security.
As a general rule, we retain your personal information for as long as necessary to fulfill the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. In general, for example, we will retain relevant personal information of clients and Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws. We may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others. Our clients instruct us on how long to retain Client Data, which we handle as a data processor.
Information About Children
The MightyHive site is not intended for minors under the age of 16. We do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us at email@example.com, so that we can delete this information from our servers.
From time to time, we may update this Policy to reflect new or different privacy practices or to reflect changes in industry standards or legal requirements. We will place a notice online when we make material changes to this the Policy. Additionally, if the changes will materially affect the way we use or disclose Information, we will notify you in advance of the change by sending a notice to the primary email address associated with your account or by posting a notice on our Site. We encourage you to periodically review this Policy for the latest information on our privacy practices.
If you have questions or concerns regarding the way in which your personal information is being processed or this Policy, please email us at firstname.lastname@example.org or reach out to MightyHive using the contact information below:
394 Pacific Avenue
San Francisco, CA 94111
EU Representative. If you are in the EU, you may also reach us through our UK office:
10 Bloomsbury Way
London WC1A 2SL
Additional Information for Individuals in Certain Jurisdictions
IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”).
California Residents’ Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
- Do-Not-Sell: California residents have the right to opt-out of our sale of their personal information Opt-out rights can be exercised be submitting a request to us online. We do not sell personal information about residents who we know are younger than 16 years old without opt-in consent.
- Notice before collection: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
- Request to delete: California residents have the right to request, at no charge, deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. We will respond to verifiable requests received from California residents as required by law.
- Request to know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties/with whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third party for a business purpose; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
California residents may make a Request to Know up to twice every 12 months, at no charge. We will respond to verifiable requests received from California residents as required by law.
- Discrimination and financial incentives: The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, where the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offers and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent.
Submitting Verifiable Requests. Requests to know and requests to delete may be submitted:
We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.
INDIVIDUALS IN THE EUROPEAN / EUROPEAN ECONOMIC AREA
This section explains the right that data subjects in the European Union / European Economic Area (“EEA”) have pursuant to the GDPR.
Rights under the GDPR. Individuals in the EEA have the below rights with respect to their personal information.
- Right of access: You can ask us to: confirm whether we are processing your personal information; give you a copy of that information; provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your information from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
- Right to rectify and complete personal information: You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Right of erasure: You can ask us to erase your personal information, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Right of restriction: You can ask us to restrict (i.e. keep but not use) your personal information, but only where: its accuracy is contested, to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal information following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Right to object to our use of your personal information for direct marketing purposes: You can request that we change the manner in which we contact you for marketing purposes. You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
- Right to object for other purposes: You have the right to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to (data) portability: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Right to withdraw consent: You can withdraw your consent in respect of any processing of personal information which is based upon a consent which you have previously provided.
- Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA. We may redact data transfer agreements to protect commercial terms.
- Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.
Submitting a GDPR Request. Please contact us as set out in the Contact Us section below to exercise one of these rights. If we receive any requests from individuals related to the Platform Data, we will forward the request to the relevant clients.