Privacy Policy
- Introduction
This Privacy Policy ("Policy") is entered into by and between HawkenAQ, Inc., a Delaware corporation (the "Company"), and the Customer ("Customer"). The Company and Customer may be referred to individually as a "Party" and collectively as the "Parties." This Policy governs the collection, use, and disclosure of personal data by the Company in connection with the provision of its software applications and services (the "Services") to the Customer. The Company is committed to protecting the privacy of the personal data it collects and processes in compliance with applicable data protection laws and regulations, including the General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"). By using the Services, the Customer agrees to the terms of this Policy and consents to the collection, use, and disclosure of personal information as described herein. - Types of Personal Data Collected
2.1 In the course of providing the Services to the Customer, the Company may collect, process, and store certain types of Personal Data. For the purposes of this Privacy Policy, "Personal Data" means any information relating to an identified or identifiable natural person, as defined under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2.2 The types of Personal Data collected by the Company may include, but are not limited to:
(a) Contact information, such as name, email address, mailing address, and phone number;
(b) Professional information, such as job title, company name, and industry;
(c) Account information, such as username, password, and account preferences;
(d) Billing information, such as credit card details and billing address;
(e) Usage information, such as information about how the Customer uses the Services, including access times, browser types, and device information;
(f) Technical information, such as IP addresses, log data, and other information related to the Customer's interaction with the Services; and
(g) Any other information that the Customer voluntarily provides to the Company in connection with the use of the Services.
2.3 The Company may also collect, process, and store Personal Data from third-party sources, such as social media platforms, public databases, and data providers, in accordance with applicable laws and regulations.
2.4 The Company may use cookies, web beacons, and other tracking technologies to collect certain types of Personal Data automatically. The Customer may manage their cookie preferences through their browser settings.
2.5 The Company may combine the Personal Data collected from the Customer with information obtained from other sources, in order to enhance the Services and provide a more personalized experience for the Customer. - Purpose and Legal Basis for Processing Personal Data
3.1 The Company collects and processes Personal Data for the purpose of providing the Services to the Customer, improving the Services, and ensuring the security and integrity of the Services. The Company processes Personal Data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
3.2 The legal basis for the Company's processing of Personal Data includes:
(a) Performance of a contract: The Company processes Personal Data to fulfill its contractual obligations to the Customer, including providing the Services, customer support, and billing.
(b) Legitimate interests: The Company processes Personal Data to improve the Services, maintain the security and integrity of the Services, and for other legitimate business purposes, such as marketing and analytics.
(c) Compliance with legal obligations: The Company processes Personal Data as required by applicable laws and regulations, including responding to lawful requests for information from government authorities.
(d) Consent: In certain circumstances, the Company may process Personal Data based on the Customer's consent, which may be withdrawn at any time.
3.3 The Company implements appropriate technical and organizational measures to ensure the security of Personal Data, including encryption, access controls, and regular security assessments. The Company is committed to protecting the confidentiality, integrity, and availability of Personal Data and will promptly notify the Customer in the event of a data breach involving Personal Data. - Data Retention
4.1 Retention Period. The Company shall retain the personal data collected from the Customer for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, the Company considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which the Company processes the personal data and whether those purposes can be achieved through other means, and the applicable legal requirements.
4.2 Deletion or Anonymization. Upon the expiration of the retention period, or upon the Customer's request, the Company shall securely delete or anonymize the personal data in accordance with applicable laws and regulations, unless the Company is required to retain such data to comply with legal obligations, resolve disputes, or enforce agreements.
4.3 Data Backup. The Company shall maintain appropriate backup and archiving procedures to ensure the integrity and availability of the personal data. In the event of a data loss, the Company shall use commercially reasonable efforts to restore the lost data from the most recent backup.
4.4 Data Portability. Upon the Customer's request, the Company shall provide the Customer with a copy of their personal data in a structured, commonly used, and machine-readable format, to the extent required by applicable laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
4.5 Third-Party Data Retention. The Company may engage third-party service providers, such as analytics or email service providers, to process personal data on its behalf. The Company shall ensure that such third-party service providers comply with the data retention requirements set forth in this Section 4 and applicable laws and regulations. - Data Security
5.1 Security Measures. The Company shall implement and maintain appropriate technical and organizational security measures designed to protect the security, confidentiality, and integrity of Customer's Personal Data against unauthorized or unlawful access, use, disclosure, alteration, or destruction. Such measures may include access controls, encryption, secure storage, security testing, and other controls deemed appropriate by Company.
5.2 Compliance with Laws. The Company shall comply with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), in its collection, processing, storage, and transfer of Customer's Personal Data.
5.3 Third-Party Service Providers. The Company may engage third-party service providers to perform certain functions on its behalf, such as analytics or email services.
5.4 Data Breach Notification. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer's Personal Data, the Company shall promptly notify Customer of such breach and take all reasonable steps to mitigate the effects of the breach and prevent any further breaches. The Company shall cooperate with Customer in any investigation or notification required by applicable law or regulation.
6. Third-Party Service Providers
The Company may engage third-party service providers to perform certain functions on its behalf, including, but not limited to, data storage, data analysis, customer support, cloud hosting, email delivery, and other services that support the Company's business operations (collectively, "Third-Party Service Providers"). The Company may share Customer's Personal Data with such Third-Party Service Providers to the extent necessary for them to perform their respective functions.
In the event that a Third-Party Service Provider processes Personal Data in a manner that is inconsistent with the terms of this Privacy Policy or applicable data protection laws, the Company shall take reasonable steps to promptly terminate its relationship with such Third-Party Service Provider and, if necessary, seek the return or deletion of any Personal Data that was processed by such Third-Party Service Provider in violation of this Privacy Policy or applicable data protection laws.
Customer acknowledges and agrees that the Company may change its Third-Party Service Providers from time to time, and that the Company shall provide notice of any such changes by updating this Privacy Policy. Customer's continued use of the Services after any such update shall constitute Customer's acceptance of the updated Privacy Policy and any changes to the Company's Third-Party Service Providers.
7. Rights of Data Subjects
7.1 In accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), data subjects whose Personal Data is processed by the Company have certain rights. These rights include:
(a) Right to Access: Data subjects have the right to request access to their Personal Data held by the Company. The Company shall provide a copy of the Personal Data, free of charge, in an electronic format.
(b) Right to Rectification: Data subjects have the right to request the Company to correct any inaccurate or incomplete Personal Data.
(c) Right to Erasure: Data subjects have the right to request the Company to delete their Personal Data, subject to certain exceptions, such as when the Personal Data is necessary for the performance of a contract or to comply with a legal obligation.
(d) Right to Restriction of Processing: Data subjects have the right to request the Company to restrict the processing of their Personal Data under certain circumstances, such as when the accuracy of the Personal Data is contested or when the processing is unlawful.
(e) Right to Data Portability: Data subjects have the right to receive their Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance from the Company.
(f) Right to Object: Data subjects have the right to object to the processing of their Personal Data for direct marketing purposes or when the processing is based on the Company's legitimate interests.
(g) Right to Withdraw Consent: Where the processing of Personal Data is based on consent, data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
7.2 To exercise any of these rights, data subjects may contact the Company using the contact information provided in this Privacy Policy. The Company shall respond to such requests in accordance with applicable data protection laws and within a reasonable time.
7.3 The Company may require data subjects to provide proof of their identity before processing any request related to their Personal Data. If the data subject is unable to provide proof of identity, the Company may refuse to process the request.
8. International Data Transfers
8.1 In the course of providing the Services to the Customer, the Company may transfer Personal Data to countries outside of the Customer's country of residence, including to the United States, where the Company and its third-party service providers maintain facilities. By using the Services, the Customer consents to the transfer of Personal Data to countries outside of their country of residence, including the United States.
8.2 The Company shall ensure that any such international transfers of Personal Data are carried out in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). To the extent required by applicable law, the Company shall implement appropriate safeguards to protect the Personal Data transferred.
8.3 The Customer acknowledges and agrees that it is responsible for complying with all applicable data protection laws in connection with its use of the Services, including obtaining any necessary consents from data subjects for the processing of their Personal Data by the Company and its third-party service providers.
9. California Consumer Privacy Act (CCPA) Compliance
9.1 Compliance with CCPA. The Company is committed to complying with the California Consumer Privacy Act (CCPA) and its regulations. The Company shall take all necessary steps to ensure that the processing of personal information collected from California residents is in accordance with the CCPA and any other applicable data protection laws.
9.2 Categories of Personal Information. In accordance with the CCPA, the Company may collect the following categories of personal information from Customers who are California residents: (a) identifiers, such as name, email address, and IP address; (b) commercial information, such as records of products or services purchased, obtained, or considered; (c) internet or other electronic network activity information, such as browsing history, search history, and information regarding a Customer's interaction with the Company's website or application; (d) professional or employment-related information; and (e) inferences drawn from any of the information identified above to create a profile about a Customer reflecting the Customer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
9.3 Purposes for Collecting Personal Information. The Company collects, uses, and discloses personal information from Customers who are California residents for the following business purposes: (a) to provide, maintain, and improve the Company's products and services; (b) to communicate with Customers, including providing customer support and responding to inquiries; (c) to personalize and enhance the Customer's experience with the Company's products and services; (d) to analyze and understand how Customers use the Company's products and services; (e) to detect, prevent, and address security incidents, fraud, and other illegal activities; (f) to comply with applicable laws, regulations, and legal processes; and (g) for any other purpose disclosed to the Customer at the time the personal information is collected or as otherwise required or permitted by the CCPA.
9.4 Sale of Personal Information. The Company does not sell personal information of Customers who are California residents, as defined under the CCPA.
9.5 Customer Rights under CCPA. Customers who are California residents have the following rights under the CCPA: (a) the right to request that the Company disclose the categories and specific pieces of personal information it has collected about the Customer; (b) the right to request that the Company delete any personal information about the Customer that the Company has collected, subject to certain exceptions; (c) the right to request that the Company disclose the categories of personal information it has collected, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting or selling the personal information, the categories of third parties with whom the Company shares personal information, and the specific pieces of personal information the Company has collected about the Customer; and (d) the right to not be discriminated against for exercising any of the Customer's rights under the CCPA.
9.6 Exercising CCPA Rights. To exercise any of the rights under the CCPA, Customers who are California residents may contact the Company by emailing support@gethawken.com. The Company will respond to verifiable requests in accordance with the CCPA and any applicable regulations.
10. General Data Protection Regulation (GDPR) Compliance
10.1 Compliance with GDPR. The Company shall process Personal Data (as defined under the GDPR) in accordance with the GDPR and other applicable data protection laws. The Company has implemented appropriate technical and organizational measures to ensure the protection of Personal Data and to comply with its obligations under the GDPR.
10.2 Data Processing. The Company shall process Personal Data only for the purposes of providing the Services to the Customer and in accordance with the Customer's documented instructions, unless required to do so by applicable law. In such a case, the Company shall inform the Customer of that legal requirement before processing, unless prohibited by law.
10.3 Data Processor and Data Controller. For the purposes of the GDPR, the Customer shall be the Data Controller and the Company shall be the Data Processor with respect to Personal Data processed under this Privacy Policy. The Company shall not process Personal Data for any other purpose or in a way that does not comply with this Privacy Policy or the GDPR.
10.4 Subprocessors. The Company may engage third-party subprocessors to process Personal Data on behalf of the Customer.
10.5 Data Subject Rights. The Company shall, to the extent legally permitted, promptly notify the Customer if it receives a request from a Data Subject to exercise their rights under the GDPR, including the right to access, rectify, erase, restrict, or object to the processing of their Personal Data, or to receive a copy of their Personal Data in a structured, commonly used, and machine-readable format. The Company shall not respond to such requests without the Customer's prior written consent, unless required by law.
10.6 Data Breach Notification. In the event of a Personal Data breach, the Company shall, without undue delay, notify the Customer and provide reasonable assistance to the Customer in complying with its obligations under the GDPR, including the obligation to notify the relevant supervisory authority and affected Data Subjects, where applicable.
10.7 Deletion or Return of Personal Data. Upon the Customer's request, the Company shall, at the Customer's choice, delete or return all Personal Data processed on behalf of the Customer, and delete any existing copies, unless contract or applicable law requires the retention of such Personal Data.
11. Changes to this Privacy Policy
The Company reserves the right, at its sole discretion, to modify or replace this Privacy Policy at any time. If a revision is material, the Company will provide at least thirty (30) days' notice prior to any new terms taking effect. The Company will notify the Customer of any changes to this Privacy Policy by posting the updated Privacy Policy on its website and/or by sending an email notification to the Customer's designated contact. It is the Customer's responsibility to review this Privacy Policy periodically for any changes. The Customer's continued use of the Services following the posting of any changes to this Privacy Policy constitutes acceptance of those changes. If the Customer does not agree to the changes, the Customer must cease using the Services and notify the Company in writing.
12. Contact Information
If the Customer has any questions or concerns regarding this Privacy Policy, or if the Customer wishes to exercise any rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), the Customer may contact the Company using the following information:
HawkenAQ, Inc.
Attn: Privacy Officer
9450 SW GEMINI DR PMB 74601
Beaverton Oregon 97008
United States
Email: support@gethawken.com