Last updated September 9th 2022
Terms defined in the GDPR and used in this document shall have the same meaning as in the GDPR.
"GDPR" is the EU General Data Protection Regulation (EU regulation no. 2016/679)
"services" means Huma’s proprietary software-as-a-service solution(s), as described on https://www.hu.ma/plans-pricing.
“we” are Huma AS, a Norwegian company located in Rådhusgata 23B, 0158 Oslo (ground floor), Norway ("Huma" or "us"/"we"/”our”).
“website visitor” A person who interacts with Huma’s websites (including www.hu.ma) or social media pages (collectively, the “sites”).
“customer”. An entity which has entered an agreement with Huma for use of the services.
“user” A customer, or person given access to the services by a customer, who makes use of Huma’s services, whether through the web client, mobile applications, or otherwise.
“marketing prospect”. Anyone whose data Huma processes for the purposes of assessing customer eligibility.
2. Purpose and Scope
3. Data controller and processor responsibilities
3.1 Huma as data controller
Huma is the data controller for all personal data processed about our website visitors and marketing prospects.
Huma is also the data controller for any processing of users’ personal data for any purpose other than providing the services.
3.2 Huma as data processor
The customer who makes available and permits users to access the services is the data controller of all data processed to provide the services to those users. Huma is a data processor for such data. For more information, please refer to Huma’s DPA.
3.3 Data Protection Officer
Our Data Protection Officer can be contacted in writing at email@example.com.
4. Personal data collected by Huma
4.1 Personal data we collect and receive
The personal data that we collect about you can broadly be categorized by how you interact with us, as described in the following sections. Parts of this information you provide voluntarily when you interact with the Huma Services and Sites. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third party sources (as described in section 4.5 below).
Huma is the data controller for all such data except where explicitly stated otherwise.
4.2 We may collect the following personal data about website users, marketing prospects, or recipients of marketing communications
Registration, contact, and company information:
- first and last name;
- email address;
- phone number;
- company name;
- your role in your company.
- operating system type and version number, manufacturer and model;
- browser type;
- screen resolution;
- IP address;
- unique device identifiers.
- the website you visited before browsing to the Huma sites;
- how long you spent on a page or screen;
- how you interact with our emails;
- navigation paths between pages or screens;
- date and time;
- pages viewed;
- links clicked.
Third party source data:
- profile information gathered from social networking sites;
- information that you have viewed or interacted with our content;
- company information;
- job titles;
- email addresses;
- phone numbers;
- geolocation data.
The sources of this third party personal data may include:
- Contact enrichment and lead generation providers; and
- Targeted online advertising providers
4.3 Data we collect about our customers:
Registration and contact information:
- first and last name;
- email address;
- company name.
- credit card information;
- billing and mailing addresses;
- other payment-related information.
- Such information as you volunteer in a support chat.
4.4 Data we collect about our users:
- Personal data processed as part of providing the services, on instruction by the customer, as described in our DPA. For this data, the customer is the data controller and Huma is a data processor.
- Usage data:
- pages or screens viewed;
- how long you spent on a page or screen;
- navigation paths between pages or screens;
- session date and time;
- Huma assigned user identifier.
4.5 Cookies and other tracking technologies
5. How and why we use your personal data
We collect and process your personal data for the following purposes and, if you are from the European Economic Area (EEA), the UK or Switzerland, on the following legal bases:
- Offer and facilitate the delivery of Huma services: We process your personal information to perform the contract with you for the use of our services and websites and to fulfill our obligations under the applicable terms of service. For such processing, we are a data processor operating on your instructions to provide you the services. This is outlined in greater detail in our DPA.
- Communicate with customers about the Huma Services: We may send you service, technical and other administrative notices depending on our legitimate interests in managing the Huma Services.
- Provide support to users: When you contact us in a support context, we may process your personal information to answer your comments and questions and to provide customer care and support. For such processing, we are a data processor operating on your instructions to provide you the services. This is outlined in greater detail in our DPA.
- Improving Huma Services and Websites: We process your personal data to improve and optimize Huma Services and Websites and to understand how you use Huma Services and Websites, including to monitor usage or traffic patterns and to analyze trends and develop new products, services, features and functionality depending on our legitimate interests. Such processing is anonymized before being sent from the client application you are using, and we do not store information for this purpose that can be connected to a specific person.
- Send marketing communications: If you are a marketing prospect, we process your personal information to send you marketing communications via email, mail or SMS about our products, services and upcoming events that may interest you. We do not process your information for this purpose without your consent. See the "Your Choices and Privacy Rights" section below to learn how to control your marketing preferences.
- Maintain the security of the Huma’s services and websites: We process your personal data to control the unauthorized use or misuse of our services and websites, or otherwise detect, investigate or prevent activities that may be in violation of Huma policies or applicable laws, depending on our legitimate interests in maintaining and promoting the security of our sites and services.
- Conduct other legitimate business purposes: including invoicing, auditing, fraud monitoring and prevention.
- Compliance with Legal Obligations: We process your personal data when we cooperate or comply with public and governmental authorities, courts or supervisory authorities in accordance with our obligations under applicable law and to protect against imminent damage to our rights, property or security, to our users, or to the public, as required or permitted by law.
In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which organizations can rely when processing personal data.
If you have any questions about our legal bases for processing your personal data, please contact us at firstname.lastname@example.org.
6. Sharing your personal data
6.1 Collected personal data
Any data we collect about our users as part of providing the Services, is governed by our DPA
and not subject to this section.
We may disclose some or all of the personal data we collect about website users, marketing prospects, or recipients of marketing communications to the following third parties:
- Consultants and vendors engaged by us to support our provision of the Huma Services and Sites and the operation of our business;
- Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.
- Law enforcement, in order to:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- Enforce the terms and conditions that govern the Services; and
- Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
- Service Providers engaged by Huma in our role as Data Controller, as described in section 6.1.1 Data processors
6.1.1 Data processors:
|Data stored/processed in
|Data Processing Agreement
|Analytics of service/app interactions
|Europe - Ireland
|Data Protection Addendum
25-28 North Wall Quay, Dublin 1, Ireland
|Marketing contact management
HubSpot Data Processing Agreement
Dublin (European HQ)
1 Sir John Rogerson's Quay, Dublin 2
|Analytics of marketing efficacy
|Google Ads Data Processing Terms
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
6.1.2 Business Transfers:
- Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of Huma Group Companies (including, as part of a bankruptcy or similar proceeding).
6.2 Website users and marketing
6.2 Anonymized information
We may also share anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.
6.3 Third-party websites
7. Retention of your personal data
8. Transfers of your personal data
Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data. See our DPA and Sub-processors for more information.
If you would like to find out more about international transfers, please contact our Data Protection Officer email@example.com.
9. How we store and safeguard personal data
We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards on our Security page.
10. Your choices and privacy rights
Depending on your location and subject to applicable laws, you may have certain data protection rights. If you are a resident of the EEA or the UK you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
- You have the right to unsubscribe to marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may stop receiving them by clicking on the "unsubscribe" link in the communications we send you.
- Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and the UK are available here.
You can exercise any of these rights by submitting a request to our Data Protection Officer at firstname.lastname@example.org
11. Children’s Privacy
12. Changes to this notice
If you have any questions, comments or concerns about the way your personal data is being used or processed by Huma, please submit any questions, comments or concerns in writing to request to our Data Protection Officer at email@example.com.