Effective Date: October 12, 2023
This policy describes how Hex Technologies Inc. (“we,” “us,” or “Company”) collects, aggregates, stores, safeguards and uses the data and information (including non-public personal information, or “NPI”) provided by users through our website, hex.tech (the “Site”), as well as information collected by us through other means, including by email, over the phone, or in offline communications. This Site is operated by the Company and has been created to provide information about our company, products, and services (together, the “Services”). This policy applies to the Site, the Services, and our mobile, tablet and other smart device applications, and application program interfaces (collectively, "Application"). The Site, Application and Services together are hereinafter collectively referred to as the “Site.”
We take your privacy and the security of your information seriously.
This policy explains:
- What information we collect
- How we use the information we collect
- How long we retain information we collect
- Choices you can make about the way your information is collected and used
- How we protect personal information electronically and physically
INFORMATION WE COLLECT
Information You Provide to Us
Company collects information from you when you choose to provide it to us through the Site or through any other means. This may include when you create an account on the Site, register or request products or services, request information from us, sign up for newsletters or our email lists, use our Site, or otherwise contact us.
The information we collect may include your name, address, email address, telephone or mobile phone number, and information from other third-party applications you connect to the Site. You may be required to provide certain personal and/or business information to apply for and receive Company products or services.
Information We Automatically Collect
You may adjust your browser or operating system settings to limit this tracking or to decline cookies, but by doing so, you may not be able to use certain features on the Site or take full advantage of all of our offerings. Check the "Help" menu of your browser or operating system to learn how to adjust your tracking settings or cookie preferences. Please note that our system may not respond to Do Not Track requests or headers from some or all browsers.
HOW WE USE INFORMATION WE COLLECT
Company may also use your personal data and other personally non-identifiable information collected through the Site or the provision of the Services to help us improve the content and functionality of the Site or the Services, to better understand our users and to improve the Site and the Services. Company and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you. If at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.
OUR RETENTION OF YOUR PERSONAL DATA
Company will retain personal data we collect from you for so long as we have an ongoing legitimate business need to do so. We determine the appropriate retention period for personal data on the basis of the purpose for which we process the personal data, the amount, nature and sensitivity of your personal data processed, the potential risk of harm from unauthorized use or disclosure of your personal data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. Company may also retain your personal data during the period needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
SHARING OF INFORMATION WE COLLECT
Company is not in the business of selling your information. There are, however, certain circumstances in which we may share your personal data with certain third parties without further notice to you, as set forth below:
Agents, Consultants and Third Party Service Providers:
Company, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
Company may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Company, (iii) act in urgent circumstances to protect the personal safety of users of the Site, the Services or the public, or (iv) protect against legal liability.
LINKS TO OTHER WEBSITES
The Site may have links to third-party websites, which may have privacy policies that differ from our own. We are not responsible for the practices of such sites, nor does any such link imply that Company endorses or has reviewed the third-party site subject to such link. We suggest contacting those sites directly for information on their privacy policies.
CHILDREN AND MINORS
We have taken certain physical, administrative, and technical steps to safeguard the information we collect from and about our customers and Site visitors. While we make reasonable efforts to help ensure the integrity and security of our network and systems, we cannot guarantee our security measures. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any personal data to the Company via the Internet.
ACCESS TO YOUR PERSONAL INFORMATION
To keep your personal data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct personal information in our possession that you have previously submitted via the Site.
INFORMATION FOR CALIFORNIA RESIDENTS
This section applies to the personal information we may collect from California residents that use the Site and our compliance with the California Consumer Privacy Act (“CCPA”).
The CCPA provides California residents that use the Site, subject to limitations, the right to request more details about the types or specific pieces of personal information we collect (as described in the “Information We Collect” section), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for making requests protected by the CCPA.
California residents that use the Site may make a request pursuant to their rights under the CCPA by contacting us at [email protected]. Please mark your inquiry “CCPA Request”. We will verify your request using the information you have provided to us in use of the Site, including email address. Government-issued identification may be required in order to process your request. California residents that use the Site can also designate an authorized agent to exercise these rights on their behalf.
INFORMATION FOR EEA USERS
If you live outside of the United States, you understand and agree that we may transfer your information to the United States. This site is subject to U.S. laws, which may not afford the same level of protection of those in your country. If you do not want your information transferred to the United States, do not use the Site.
What Rights Do I Have?
Individuals located in the European Economic Area (EEA) have certain rights in respect of your NPI, including the right of access, rectification, restriction, opposition, erasure and data portability. Where possible, we rely on user consent as a lawful basis for processing personal data and obtain such consent in compliance with applicable laws. In some cases, Company may process NPI pursuant to legal obligation or to protect your vital interests or those of another person.
How May I Exercise My Individual Rights?
Company users may access and update their NPI by sending an email to [email protected]. Users located within the EEA may contact us with questions or requests regarding their NPI using the contact information below. Please note that Company may request additional information from you to verify your identity before we disclose any personal or account information. We only send marketing communications to users we believe to be located in the EEA with your prior consent, and you may opt out of such communications at any time by clicking the “unsubscribe” link found within Company email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.
Who Can I Contact at Company Regarding Data Protection Issues?
Company has designated a Data Protection Officer to assist with data privacy and data protection issues. You may contact them by emailing [email protected] and addressing your questions or concerns to the Data Protection Officer.
EU/UK data subjects have the right to lodge a complaint with a supervisory authority concerning Company’s data processing activities.
UK data subjects may contact [email protected].
VeraSafe has been appointed as Company’s representative under the EU Network and Information Systems Directive (EU 2016/1148) in Ireland. If you represent a competent authority or CSIRT, as such terms are defined under the Directive, VeraSafe may be contacted on matters regulated under the Directive, in addition to [email protected], by means of the below contact information:
VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland
PARTICIPATION IN THE EU-U.S. DATA PRIVACY FRAMEWORK (EU-U.S. DPF), THE UK EXTENSION TO THE EU-U.S. DPF, AND THE SWISS-U.S. DATA PRIVACY FRAMEWORK (SWISS-U.S. DPF)
Company participates in the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) administered by the U.S. Department of Commerce. Company commits to comply with the DPF Principles with respect to Personal Data Company receives from the EU, United Kingdom and Switzerland in reliance on the DPF. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Company is responsible for the processing of personal data it receives under the DPF, and subsequently transfers to a third party acting as an agent on its behalf and for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
Company has further committed to cooperate with and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), and the UK Information Commissioner’s Office (ICO), and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF.
Finally, as a last resort and under limited circumstances, if your DPF complaint cannot be resolved through the above channels, EU, UK and Swiss individuals may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
The Federal Trade Commission has jurisdiction over Company’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
IF YOU HAVE QUESTIONS
If you have any questions about this Privacy Statement or the practices described herein, you may contact us at [email protected].
CHANGES TO THIS STATEMENT