Privacy Policy

Last updated October 23rd 2020

1. PURPOSE AND SCOPE

1.1 Huma respects your privacy and your data protection rights. We recognize the importance of protecting the personal data we collect and process. The Privacy Policy aims to help understand what personal data we collect about you and how we use and share it.

1.2 When we refer to Huma, we mean Huma AS, a Norwegian registered company located at Rådhusgata 23B, 0158 Oslo, Norway; and Huma's group companies ("Huma", "we", "us", "our").

1.3 This Privacy Policy applies to you if you:

  • Interact with Huma’s websites (including www.hu.ma) or social media pages (collectively, the "Sites") ("website users");
  • Visit any of Huma’s offices ("office visitors");
  • Participate on an Huma event or an event which Huma sponsors ("event attendees");
  • Use any of Huma's products, mobile applications, and our other applications and services (collectively, the "Huma Services") ("customers");
  • Are a marketing prospect, anyone whose data Huma processes for the purposes of assessing customer eligibility ("marketing prospect"); or
  • Receive marketing communications from Huma.

1.4 For the purposes of the General Data Protection Regulation ( ("GDPR"), Huma AS or any other Huma group company from time to time, is the controller of your personal data. Our Data Protection Officer can be contacted in writing at dpo@hu.ma.

2. PERSONAL DATA COLLECTED BY HUMA

2.1 PERSONAL DATA WE COLLECT AND RECEIVE

The personal data that we collect about you can broadly be categorized in the following table. Parts of this information you provide voluntarily when you interact with the Huma Services and Sites, or when you participate in an event or visit our offices. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third party sources (as further described in the table).

We may collect the following personal data about:

  • website users;
  • recipients of marketing communications
  • marketing prospects.
Registration, contact, and company information:
  • first and last names;
  • email addresses;
  • phone numbers;
  • company name;
  • your role in your company.
Payment information:
  • credit card information;
  • billing and mailing addresses;
  • other payment-related information.
Device data:
  • operating system type and version number, manufacturer and model;
  • browser type;
  • screen resolution;
  • IP address;
  • unique device identifiers.
Service data:
  • the website you visited before browsing to the Huma Services;
  • how long you spent on a page or screen;
  • how you interact with our emails;
  • navigation paths between pages or screens;
  • date and time;
  • pages viewed;
  • links clicked.
Third party source data:
  • profile information gathered from social networking sites;
  • information that you have viewed or interacted with our content;
  • company information;
  • job titles;
  • email addresses;
  • phone numbers;
  • addresses;
  • geolocation data.
The sources of this third party personal data may include:
  • Contact enrichment and lead generation providers; and
  • Targeted online advertising providers

We may collect the following personal data about our office visitors:

Registration, contact and company information:
  • first and last names;
  • email addresses;
  • phone numbers;
  • company name;
Payment information:
  • credit card information;
  • billing and mailing addresses;
  • other payment-related information.
Visitation Data
  • time and date of arrival;
  • photograph ID;
  • signature;
  • CCTV footage.

We may collect the following personal data about our customers and end-users:

Registration and contact information:
  • first and last names;
  • email addresses;
  • phone numbers;
  • mailing addresses;
  • company name;
  • your role in your company.
Payment information:
  • credit card information;
  • billing and mailing addresses;
  • other payment-related information.
Device data:
  • operating system type and version number, manufacturer and model;
  • browser type and language;
  • screen resolution;
  • IP address;
  • unique device identifiers.
Service data:
  • the website you visited before browsing to the services;
  • how long you spent on a page or screen;
  • navigation paths between pages or screens;
  • session date and time; activity status (including first seen, last seen, last heard from - and last contacted);
  • pages viewed;
  • links clicked;
  • language preferences
  • tags applied within customer accounts
  • Huma assigned user identifier.
Personal data entered into the service by user:
  • first and last names;
  • address;
  • email address;
  • phone number;
  • birth date;
  • gender;
  • nationality;
  • civil status;
  • job title;
  • employment type;
  • employment percentage;
  • date of hire;
  • first day of work;
  • date of termination;
  • last day of work;
  • employment ID;
  • bank account number;
  • passport number;
  • social security number;
  • names and date of birth of children;
  • names, relations and phone numbers of emergency contacts;
  • uploaded documents regarding personal data;

 

Third party source data
  • profile information gathered from social networking sites;
  • information that you have viewed or interacted with our content;
  • company information;
  • job titles;
  • email addresses;
  • phone number;
  • approximate geolocation data.
The sources of this third party personal data may include:
  • Our identity resolution and insight management provider; and
  • Our Geolocation IP intelligence provider

2.2 COOKIES AND OTHER TRACKING TECHNOLOGIES

Some device data, service data and third party source data is collected through the use of first or third party cookies and similar technologies. For more information, please see Huma's Cookie Policy

3. HOW AND WHY WE USE YOUR PERSONAL DATA

3.1 We collect and process your personal data for the following purposes and, if you are from the European Economic Area (EEA), the UK or Switzerland, on the following legal bases:

  • Offer and facilitate the delivery of Huma services and websites: We process your personal information to perform the contract with you for the use of our services and websites and to fulfill our obligations under the applicable terms of service. Where we have not entered into a contract with you, we process your personal information in accordance with our legitimate interests in operating and managing the Huma services and websites. For example, to create, manage and administer your account.

Communicate with you about the Huma Services and provide customer support: We may send you service, technical and other administrative notices depending on our legitimate interests in managing the Huma Services. For example, we may send you notifications about the availability or security of Huma Services. We also process your personal information to answer your comments and questions and to provide customer care and support.

Improving Huma Services and Websites: We process your personal data to improve and optimize Huma Services and Websites and to understand how you use Huma Services and Websites, including to monitor usage or traffic patterns and to analyze trends and develop new products, services, features and functionality depending on our legitimate interests.

Send marketing communications: We process your personal information to send you marketing communications via email, mail or SMS about our products, services and upcoming events that may interest you in trusting our legitimate interests or where we seek your consent. See the "Your Choices and Privacy Rights" section below to learn how to control your marketing preferences.

Registration of office visitors: We process your personal data for security reasons and for the purpose of hosting your visit to the extent that processing is necessary for our legitimate interests in protecting our premises and confidential information against unauthorized access and the security of our employees and office visitors. .

Manage event registrations and attendance: We process your personal information to plan and host events you have registered for or that you attend, including sending related communications to you.

Maintain the security of the Huma’s services and websites: We process your personal data to control the unauthorized use or misuse of our services and websites, or otherwise detect, investigate or prevent activities that may be in violation of Huma policies or applicable laws, depending on our legitimate interests. to maintain and promote the security of our sites and services.

Displaying Custom Ads: We process your personal data to advertise for you and to provide personal information, including by displaying and managing ads on our sites and on third-party sites, depending on our legitimate interests in supporting our marketing activities and our advertising. products and services or, if necessary, to the extent that you have given your consent.

Conduct other legitimate business purposes: including invoicing, auditing, fraud monitoring and prevention.

Compliance with Legal Obligations: We process your personal data when we cooperate or comply with public and governmental authorities, courts or supervisory authorities in accordance with our obligations under applicable law and to protect against imminent damage to our rights, property or security, or our users. or the public, as required or permitted by law.

3.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which organizations can rely when processing personal data.

3.3 Please note these legal bases only apply to you if you are resident in the EEA, the UK or Switzerland.

3.4 If you have any questions about our legal bases for processing your personal data, please contact us at legal@hu.am.

4. SHARING YOUR PERSONAL DATA

4.1 We may disclose some or all of the personal data we collect to the following third parties:

To Huma Group Companies:

  • Huma AS;
  • Any such other group companies as may be added to this list from time to time.

Service Providers:

  • Consultants and vendors engaged by us to support our provision of the Huma Services and Sites and the operation of our business;
  • Any such other Service Providers as may be added to the Subprocessors list, from time to time.

Advertising Partners:

Third party advertising companies may use cookies and similar technologies to collect information about your activity on the Huma Services and other online services over time to serve you online targeted advertisements, including the companies listed in the third-party cookies section of our Cookie Policy.

Professional Advisors:

Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.

Compliance with Law Enforcement:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Enforce the terms and conditions that govern the Services; and
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Business Transfers:

  • Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of Huma Group Companies (including, as part of a bankruptcy or similar proceeding).

4.2 Aggregated or anonymized information. We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.

4.3 Third party websites. The Sites may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third party websites for more information about how your personal data is processed by them.

5. RETENTION OF YOUR PERSONAL DATA

5.1 We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy. If you would like more information about specific retention periods please contact legal@hu.ma .

5.2 Note that content you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.

6. TRANSFERS OF YOUR PERSONAL DATA

6.1 The Huma Services and Sites are provided and hosted in the EU/EEA. If you are located outside the EU/EEA, we may transfer, and process, your personal data outside of the country in which you are resident to other Huma Group Companies and our service providers including to, Ireland and EU/EEA countries as we deem appropriate from time to time. We will protect your personal data in accordance with this Privacy Policy wherever it is processed.

6.2 Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.

6.3 If you would like to find out more about international transfers, please contact our Data Protection Officer dpo@hu.ma.

7. HOW WE STORE AND SAFEGUARD PERSONAL DATA

We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards on our Security page.

9. YOUR CHOICES AND PRIVACY RIGHTS

9.1 Depending on your location and subject to applicable laws, you may have certain data protection rights. If you are a resident of the EEA or the UK you have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
  • You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
  • You have the right to unsubscribe to marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may stop receiving them by clicking on the "unsubscribe" link in the communications we send you. 
  • Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and the UK are available here.

9.2 You can exercise any of these rights by submitting a request to our Data Protection Officer at dpo@hu.ma.

10. CHILDREN'S PRIVACY

Our Services and Sites are not intended for use by anyone under the age of 16. Huma does not knowingly collect personal information from anyone under the age of 16. If you are under 16, you may not attempt to register for our Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal information from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that a child has provided us with their personal information, please contact us at the email or mailing address provided at the end of this Privacy Policy.

11. CHANGES TO THIS NOTICE AND QUESTIONS

11.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If we make material updates to this Privacy Policy we will update the effective date at the top of the Privacy Policy. 11.2 If you have any questions, comments or concerns about the way your personal data is being used or processed by Huma, please submit any questions, comments or concerns in writing to request to our Data Protection Officer at dpo@hu.ma.