Privacy Shield Policy

Last Updated and Effective: August 23, 2020

EU-U.S. and Swiss-U.S. Privacy Shield Policy

Our Privacy Policy describes how we use Personal Data we receive from different sources. This Privacy Shield Policy describes how we process Personal Data covered by the Privacy Shield in all of our products and services, including the HighSide collaboration application, Microsoft Teams encryption application and Multi-factor Authentication platform.

HighSide, Inc. . (“HighSide”, “we”, “our” or “us”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the Untied Kingdom, and Switzerland to the United States.  HighSide, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern to the extent of the conflict.  To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/list

U.S. Federal Trade Commission Enforcement

HighSide’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Personal Data We Collect About You and How We Collect It

The HighSide platform is architected to never have access to the content of your message or channels.

We collect or may collect several types of information from and about users of the Site, the Applications and the Services, including:

• information by which you may be personally identified, such as name, postal address and e-mail address ("personal information");
• financial and billing information;
• analytics information
• information that is about you but individually does not identify you, such as IP address and date and time of visit;
• information contained in the comments and postings on or through the Site;
• device information such as the hardware model, operating system version, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number);
• location information when you use the Site, the Applications and the Services; and/or
• about your internet and mobile connections, the equipment and operating system you use to access the Site, the Applications and the Services.

The following is information that our server can see and is available to be changed:

• The history of events (when a contact was uploaded, when a user last connected, their IP ect.)
• User email address
• Phone number with which the user was invited to the team (this and the following are tracked separately)
• Phone number with which the user uses SMS-2FA
• Notification settings
• Active directory username
• Channel membership
• Team name
• List of each user’s displayed tabs
• Integration configuration. Though once data from an integration flows in and is sent to users, it is saved in such a way that it can never again be read or changed by the server.
• Starred messages

We collect this information:

• Directly from you when you provide it to us.
• From the administrators.
• Automatically as you navigate through the Site or use the Applications or the Services. Information collected automatically may include usage details, IP addresses and information collected through cookies, web beacons and other tracking technologies.
• From third parties, for example, our business partners and other third parties that provide us or you with certain services.

Certain web transactions may also involve you calling us or our calling you. Please be aware that we may monitor and, in some cases, record such calls for staff training or quality assurance purposes.

Personal Information Definition

Information You Provide to Us. The information we collect on or through the use of the Site, the Applications and the Services may include:

• Information that you provide by registering or filling in forms or applications on or in connection with the Site, the Applications or the Services. This includes information provided in connection with registering to access and use the Applications and the Services, posting photos, comments and other information or requesting further services or products. We may also ask you for information when you report a problem with the Site, the Applications or the Services.
• Records and copies of your correspondence (including e-mail addresses), if you contact us.
• Your responses to surveys and questionnaires that we might ask you to complete for research and marketing purposes.
• Details of transactions you carry out through the Site, the Applications or the Services, including the selection of a service plan. You may be required to provide financial or payment information before being able to access the service plans and other services available through the Site, Applications or the Services.

You also may provide pictures, audio and video recordings, text, data, information and other input or any other content linked, posted, and/or submitted by you or other users to be published or displayed (hereinafter, "posted") on the Site, the Applications or the Services, or transmitted to other users of the Site, the Applications or the Services or third parties (collectively, "User Content"). Your User Content is posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Applications or the Site with whom your User Content is shared. Therefore, we cannot and do not guarantee that your User Content will not be viewed by unauthorized persons.

Information We Collect through Automatic Data Collection Technologies. As you navigate through and interact with the Site, the Applications or the Services, we use or may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

• Details of your use of the Applications and the Services or visits to the Site, including traffic data, location data, logs and other communication data and the resources that you access and use on the Site or the Applications.
• Information about your computer, mobile phone and other devices, internet and mobile connection, including your IP address, operating system and browser type.

The information that we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties or you provide to us. It helps us to improve the Site, the Applications or the Services and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize the Site, the Applications or the Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to the Site, the Applications or the Services.

If you do not want us to collect this information, do not download the Applications or delete them from your devices.

Use of Cookies and Other Tracking Technologies.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Site.
• Flash Cookies. Certain features of the Site may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on the Site. Flash cookies are not managed by the same browser settings as are used for browser cookies.
• Web Beacons. Pages of the Site and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit HighSide, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third Parties With Whom We May Share Customer Data

HighSide does not host any advertising or third-party data collection technologies on its websites or in its applications.

We do not control third parties' collection or use of your information to connect to HighSide’s infrastructure.

HighSide shares personal data with third parties for the following purposes:

• billing information to our payment processor;
• web analytics data to track our website traffic
• names and email addresses of our customers to our Help Desk application
• contact details of potential customers for our CRM application
• names and email addresses of people who opt in to our mailing list to our email marketing application

You may be able to opt out of receiving personalized advertisements from companies who are your Network Service Provider or who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info and http://www.networkadvertising.org/choices/. You may also use TRUSTe's Preference Manager at http://preferences-mgr.truste.com.

Liability for onward transfer of personal data to third parties

Privacy Shield requires that, "In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage."

Access and Correction to Personal Data

HighSide acknowledges the right of EU, UK, and Swiss individuals to access their personal data pursuant to the Privacy Shield and will grant individuals reasonable access to personal information it received pursuant to these Principles. Our Privacy Policy explains how you may access and/or submit requests to review, correct, update, suppress, or delete Personal Data. You may also send us an e-mail at [email protected] to request access to, or to correct or delete any personal information that you have provided to us. We cannot delete certain of your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

HighSide has a requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements and its liability in cases of onward transfers to third parties.

Choice

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected]

If you are not a resident of the EEA or Switzerland or we have received your information from you through our websites, applications and services, please see our Privacy Policy for information about your choices. https://HighSide.io/privacy-policy

Dispute Resolution – Privacy Shield

In compliance with the Privacy Shield Principles, HighSide, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield.  European Union, the Untied Kingdom, and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact HighSide, Inc. at:

[email protected]

HighSide, Inc. has further committed to refer unresolved Privacy Shield complaints to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. The services of BBB EU PRIVACY SHIELD are provided at no cost to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Information

If you have any questions regarding this Privacy Shield Policy, please contact us by [email protected] or write to us at: HighSide, Inc., 6751 Columbia Gateway Drive, Suite 300, Attn: HighSide, Inc., Columbia, MD 21046.