Privacy Notice

Table of Contents

Introduction
What information does Hannah collect?
How do we use the information
How and why do we share your data with third parties
How we secure your data
How and why we use cookies
Google Analytics
Your privacy rights
How can I exercise my data subject rights
International data transfers
Children
Linked websites
Changes to the Privacy Notice
Contact Us

Effective Date: 20/08/2018

Introduction
Hannah offers a portal to allow organisations to evaluate their compliance with various international standards and regulations. This privacy notice aims to inform you about how we collect, store, use and disclose information about users when they:

  1. Interact with or use our websites, including downloading materials or resources (collectively the “Websites”).
  2. Use any of our products, services or applications (including any trial) (collectively the “Services”) in any manner.

What information does Hannah collect?
We gather various types of information, including information that identifies or may identify you as an individual (“Personal Information”) as explained in more detail below.

  1. Information You Provide to Us
    1. From Websites: We may collect any Personal Information that you choose to send to us or provide to us. If you contact us through the Websites, we will keep a record of our correspondence.
    2. From the Services: We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and email address, to provide them with Services. The types of information we may collect directly from our customers and their users include: names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services.
  2. Information We Automatically Collect
    1. When you use the Websites: When you visit the Websites, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website.
    2. When you use the Services:
      • Usage information – we keep track of user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of the Services.
      • Log information – we log information about our customers and their users when they use one of the Services, including their Internet Protocol (“IP”) address.
      • Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers.

For further information, please read the section below headed “Cookies and other Tracking Technologies” and/or read our Cookie Notice.

How do we use the information

  1. We will use the information we collect from our website:
    1. To administer our Website, our events (e.g. sending you event details and updates) and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
    2. To improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
    3. For trend monitoring, marketing and advertising;
    4. For purposes made clear to you at the time you submit your information;
    5. As part of our efforts to keep our Website secure.

    Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or you consenting to it (e.g. when you request a demo). For our customers, the use of personal data will be based on the contract we have in place.

  2. We will use the information we collect from our services:
    1. To set up a user account;
    2. Provide, operate and maintain the Services;
    3. Process and complete transactions, and send related information, including transaction confirmations and invoices;
    4. Manage our customers’ use of the Services, respond to enquiries and comments and provide customer service and support;
    5. Send customers technical alerts, updates, security notifications, and administrative communications;
    6. Investigate and prevent fraudulent activities, unauthorised access to the Services, and other illegal activities; and
    7. For any other purposes about which we notify customers and users.

We use your Personal Information in this context based on the agreement that we have in place with you. Personal Information will be deleted based on the agreement.

How and why do we share your data with third parties

We do not rent or sell your Personal Information to anyone. We may share and disclose information (including Personal Information) about our customers in the following limited circumstances:

  1. We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies, product feedback or help desk software providers, CRM service providers, email service providers and others.
  2. If Hannah transfers your Personal Information to the United States for processing with a third party agent or service provider, Hannah remains responsible for ensuring that such third party agent or service provider processes your Personal Information to the standard required by our data protection commitments (see the section below headed “International Data Transfers”).
  3. We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
  4. We may also share your personal data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Notice.
  5. We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of Hannah, our employees, our users, or others.
  6. Disclosures for National Security or Law Enforcement:
    Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

How we secure your data

Hannah implements the following technical, physical and organisational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised use, unauthorised modification, disclosure or access and against all other unlawful forms of processing.

  1. All personnel are subject to full confidentiality, and any subcontractors and sub-processors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
  2. Whenever personal data is accessed by authorised personnel, the access is only possible over an encrypted connection. When accessing the data in a database, the IP address of the person accessing the data must also be pre-authorised to obtain access.
  3. Any authorised personnel device being used to access personal data is login protected by Hannah’s internal access control. All devices have Hannah’s corporate antimalware solution installed and users do not have admin rights. All devices have full disk encryption enabled and we have a strict policy that no personal data is to be copied and stored on devices.
  4. Personal data is never copied and stored on mobile media like USB sticks and DVDs.
  5. All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorised personnel. Hannah’s Security and Privacy Officer issues authorisations and maintains a log of granted authorisations. Authorised personnel are granted minimum access on a need-to-have basis through our internal access control.
  6. The overall responsibility for data security lies with Hannah’s Security Officer who educates and updates all personnel on the data security measures outlined in Hannah’s security handbook and this Privacy Policy.
  7. Hannah uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorised or accidental changes are made.
  8. System performance and availability are monitored by both internal and external monitoring services.
  9. Hannah only uses third-party hosting providers that are certified to ISO/IEC 27001:2013.
  10. In the event that your data is compromised, Hannah will notify you and the relevant authorities within 72 hours by email with information about the extent of the breach, affected data, any impact on the Service and Hannah’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

How and why we use cookies

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. We also use third party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

  1. Assisting you in navigation;
  2. Assisting in registration to our services and login;
  3. Analysing your use of our products, services or applications;
  4. Assisting with our promotional and marketing efforts.

Below is a detailed list of the cookies we use on our Website. Our Website is scanned regularly with a cookie scanning tool to keep the list as accurate as possible. We classify cookies in the following categories:

  1. Strictly Necessary Cookies
  2. Performance Cookies
  3. Functional Cookies
  4. Targeting Cookies

You can opt-out of each cookie category (except strictly necessary cookies) by clicking on the “cookie settings” button at the bottom of the page or in our Cookie Notice.

Google Analytics

We also utilize Google Analytics, a web analysis service provided by Google, to better understand your use of our Websites and Services. Google Analytics collects information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the Websites, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google offers an opt-out mechanism for the web available here. Please consult our Cookie Notice for more information about the type of cookies and tracking technologies that we use on this Website and why, and how to accept and reject them.

Your privacy rights

  1. You can always opt not to disclose information to us, but please bear in mind that some of the information is needed to register with us and use our Services.
  2. You can accept or reject cookies by clicking on the “cookie settings” button at the bottom of the page or in our Cookie Notice.
  3. You can opt-out of receiving promotional and marketing email communication from us at any time using the “unsubscribe” links provided. If you have an account for our Services, we will still send you non-promotional email communication about Services feature updates and status.

How can I exercise my data subject rights

If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can email [email protected]. Our privacy team will examine your request and respond to you as quickly as possible. Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual, and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you are a resident of the European Economic Area, please see the section below headed “Additional Information for users in the European Economic Area” for further information about your privacy rights.

International data transfers

Personal Information you submit on the Websites or through the Services is hosted within the EU and will be primarily processed by us in the EU. We do, however, use third-party services hosted in other countries. These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information in accordance with this Privacy Notice wherever it is processed.

Children

We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at [email protected].

Linked websites

For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Websites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy notice of each Linked Site that you visit to understand how the information that is collected about you is used and protected.

Changes to the Privacy Notice

We are constantly trying to improve our Websites and Services, so we may need to change this Privacy Notice from time to time as well. We will alert you to material changes by, for example, placing a notice on our Websites and/or by sending you an email (if you have registered your email details with us) when we are required to do so by applicable law. You can see when this Privacy Notice was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Notice.

Contact Us
Please contact the Data Controller at:

Hannah Compliance Solutions Ltd
Ireland
Telephone: +353 (0)1 254 4707
Email: [email protected]
Company number: 618293