Last updated: June 11, 2018
You may come visit and stay on our Website without identifying yourself, yet certain third-party analytics tools may collect the following information, including: browser type, browser language, IP address, operating system, Website access times, click events, keyboard events, mouse moves, screen color depth, screen resolution, host name, session ID (meaning recognizing if you have visited the Website before), and cookie values.
However, when you want to:
- (a) contact us for general questions, technical support, enterprise/OEM inquiry, request for quotation, request for discount, business support, business opportunity, and the like – you will be asked to provide us with your full name, company name, email address, and further information in the “your message” section of the contact form, some of which data may qualify under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) as personal data or call for the treatment as prescribed in said Regulation (“GDPR”);
- (b) create an account with us – you will be asked to provide us with your email address and password;
- (c) make a purchase of any of our Services – you will be asked to provide us with your full name, email address, either your private address or company address, and – if you choose to pay by credit or debit card – your card credentials.
We don’t, or at least do not intend to, process personal data of children or special categories of personal data. Our Services are for persons of age or businesses – legally qualified to enter agreements with or fulfill commitments to HOC.
Grounds and Purposes
Your personal data that we collect and further process helps us provide you with the most relevant Website content and user experience as well as high quality Services. We use the personal data you provide us with:
- (a) when you want to contact us – to answer, satisfy or otherwise address your questions, inquiries, requests, and the like;
- (b) in respect of an account – to create the account, and to let you smoothly access, better navigate, and use other features relating to our Website or Services, your orders, billing, forum, or FAQ section;
- (c) when you want to make a purchase to determine your needs, define contractual terms, and perform our obligations under a contract for the provision of our software products or services. Information concerning your credit or debit card is necessary for Bright Market, LLC d/b/a FastSpring. 801 Garden St., Santa Barbara, CA 93101 (“Provider”) to process your order and complete your payment; once your payment is processed, Provider will send us only the information we need to give you the relevant license information and the license key to the software product;
- (d) combined with information related to your activity within our Website or Services – (i) for analytical purposes (email address), (ii) to enforce or defend legal claims and to prevent fraud and abuse (account and contract details), and (iii) to create and use your profile for marketing purposes (various). Apart from that, we may use your personal data in order to (iv) send you communication related to the use or functioning of our Website or Services (in particular system and transactional e-mails), and (v) provide support, and monitor the quality of our Website and Services.
The question of “why” involves both purposes as defined above and legal grounds to be detailed below. Where the personal data of yours is necessary for us to create, use, or maintain your account within our Website or to prepare, execute, or cater for the purchase of our Services the processing of your personal data will take place based on “contract” (see: Article 6.1.b GDPR). Where the personal data of yours is necessary for us to, for example, market our Services (keep you posted about our Services, offer you a chance to participate in promotions or contests, engage you in other marketing communication), prevent fraud, ensure network and information security the processing will take place based on “legitimate interests” (see: Article 6.1.f GDPR). However, if we cannot rely on “contract” or “legitimate interests” grounds, in particular where there is no relevant and appropriate relationship between us (you’re not our client or employee), then we will ask for your “consent” to process your personal data in compliance with the GDPR (see: Article 6.1.a GDPR). In doing so, we will take care that your agreement to the processing is freely given, specific, informed and unambiguous – you may withdraw your consent at any time; the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
On top of that it is fair to say that we do not subject you to a decision based solely on automated processing, including profiling, which produces legal effects concerning or similarly significantly affecting you. Therefore, your right not to be subject to such decisions as stipulated in Article 22 GDPR, will not be spelled out in the next chapter. Along the same lines, we will not dwell much on instances where processing takes place based on “vital interests” or “public tasks”, as these do not feature in our business activities.
You have the right to:
- (a) know if we process your personal data; if we do, you may: (i) access your personal data, and (ii) receive a copy of your personal data (collectively, “right of access”, as defined in Article 15 GDPR) – the first copy is free of charge; for any further copies you request, we may charge you a reasonable fee based on the administrative costs;
- (b) complete or otherwise rectify the personal data you provide us with (“right to rectification”, as defined in Article 16 GDPR);
- (c) erase your personal data (“right to erasure”, as defined in Article 17 GDPR) if either: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you withdraw consent on which processing is based and there is no other legal ground for the processing, (iii) the personal data has been unlawfully processed or has to be erased to comply with a legal obligation, (iv) the personal data have been unlawfully processed, or (v) otherwise as defined in Article 17.1 GDPR; however, we may keep some of your personal data if the processing is necessary for the establishment, exercise or defense of legal claim or compliance with a legal obligation, or otherwise as set forth in Article 17.3. GDPR;
- (d) obtain restriction of processing (“right to restriction of processing”, as defined in Article 18 GDPR) when either: (i) you contest the accuracy of your personal data; (ii) the processing of your personal data is unlawful, and you request the restriction of their use instead of erasing it, (iii) we no longer need your personal data, but you require them to establish, exercise, or defend legal claims, or (iv) you object to the processing of your personal data – anyhow, we will make some of the features of our Website or Services connected to the processing of the personal data subject to restriction unavailable to you while we review your request;
- (e) object, on grounds relating to your particular situation, at any time to processing of your personal data based on “legitimate interest”, including profiling (“right to object”, as defined in Article 21 GDPR); as regards direct marketing, no grounds are needed and we cannot rely on any compelling legitimate grounds to override your interests, rights, and freedoms behind the objection – when you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes; simple as that;
- (f) portability (“right to data portability”, as defined in Article 20 GDPR) – the personal data provided by you and processed by us by automated means based on consent or a contract as between ourselves will be provided to you or transmitted to another controller in a structured, commonly used and machine-readable format;
- (g) lodge a complaint with a supervisory authority.
You may exercise your rights by filing a demand to the following email address: firstname.lastname@example.org. If we deem it reasonably necessary, we may ask you additional questions or ask you to provide us with additional documents – to confirm your identity and entitlement. However, if you don’t want to receive email notifications from HOC, you may simply unsubscribe from our newsletter. The unsubscribe instructions are placed at the bottom of each email you receive.
At the time of your browsing our Website, our servers automatically collect information sent by your browser and included in log files. The information may include a variety of data, in particular email address, IP address, browser type, internet site you visited immediately prior to accessing our Website, the time of accessing our Website, and other statistical data. HOC may use the information for the purposes of conclusion, amendment, termination of a contract with you, if any, and to ensure the highest quality of our Services, as well as for technical and statistical purposes.
As a general rule HOC commits to discontinue processing personal data after you have ceased to use our Website or Services. HOC may continue to process your personal data after you have ceased to use our Website or Services if the personal data: (i) is necessary for the settlement of dues or satisfaction of claims for payment for the use of our Services; (ii) is anonymized and necessary for the purposes of advertising, market research, or your behavior and preferences studies, and the results of the same are to improve the quality of our Services; (iii) is necessary to clarify the circumstances of unauthorized use of our Website or Services; or (iv) may be processed on the basis of applicable laws or agreements.
If HOC becomes aware or informed that you have abused our Website or Services, we may process your personal data to the extent necessary to determine your liability, provided that we record receipt and contents of the information for evidentiary purposes. We may inform you of unauthorized activities and demand their immediate cessation.
Third Party Analytics, Advertising and Remarketing Tools
Based on data collected by Google Analytics we may also build custom audiences of people who have visited some of our Website’s pages and/or made a conversion on our Website for showing these audiences relevant ads with the help of Google Adwords Remarketing feature. This process doesn’t involve using any of your personal data. Your personal data is not being disclosed or transferred in any way to Google. You may adjust your preferences connected to Google Adwords ads you want or don’t want to see here: https://www.google.com/settings/u/0/ads/authenticated.
Recipients, and third country transfers
We use the services of third-party providers, who process your personal data as processors (meaning, a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller). They provide us with services related to: supporting certain features of our Website or Services, hosting, customer support, tracking security incidents and responding to them, diagnosing and solving problems with our Website or Services, web push notification display, analysis of marketing campaigns efficiency as well as analysis of use of our Website and Services. However, we also cooperate with service providers who themselves determine the purposes and means of processing your data, in order to carry out remarketing campaigns and statistical analysis.
Recipients (meaning, a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not) who we transfer the data to are based mainly in Poland and other countries of the European Economic Area (EEA). As for those who are based outside of the EEA we’ve made sure that they guarantee a high level of personal data protection, as evidenced by their participation in the „EU-US Privacy Shield” program ( https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
Information Security and Data Sharing
We take all appropriate measures to ensure the security of your personal data when you contact us, purchase our Services, or subscribe to our newsletter. All private information entered by you is transferred via special security systems and automatically encrypted using SSL (Sockets Layer Protocol). SSL is the industry standard for transferring sensitive data over the internet. Access to your personal information is restricted to those HOC employees who need to have access to it and bear responsibility for keeping your information confidential.
We do not sell, rent or give out personal information to any third party. We may involve third-party service providers to assist us in conducting our business (for instance, sending marketing newsletters or surveys) and share with them some of your private data necessary for that purpose if you have given us your consent and if the third party agrees to keep this information confidential. We will not use your information for any purpose outside the scope of communicating with you about our Services.
Our Website contains hyperlinks (for instance, in the form of logos of entities external to HOC) that, if clicked on, redirect you to external websites. Application of such reference must not be so understood as to imply any kind of association between HOC and the entity to which the external website belongs. Neither may HOC be held liable for the consequences of this kind of redirection nor does HOC determine the content of external websites. We bear no responsibility for the terms and conditions of privacy and security policies in force on those websites, or for cookies used while browsing any such external websites. We encourage you using this kind of reference to consult the contents of the relevant documents in force on external websites.