This Privacy Policy (“Policy”) explains the information collection, use, and sharing practices of Heroify Ltd. (“we,” “us,” and “our”). Heroify Ltd. (“Heroify”) with its registered office at: Warsaw, 23/7 Padewska Street, 00-777 Warsaw, NIP: 5213930518, is the administrator of your personal data. Heroify is a competency testing platform that enables clients (“Clients”) to assign tests to candidates or employees (“Candidates”) for the assessment of competencies, aptitudes, and skills through the platform. Candidates are individuals who use the platform solely for the purpose of completing a test ordered by the Client.
Unless stated otherwise, this Policy describes and governs the information collection, use, and sharing practices of Heroify in relation to your use of our website (https://heroify.co) and the services (“Services”) that we provide and/or host on our servers.
Before you use or submit any information through or in connection with the Services, please carefully read this Privacy Policy. By using any part of the Services, you understand that your information will be collected, used, and disclosed as described in this Privacy Policy.
If you do not agree with this Policy, please do not use our Services.
Our Principles
We have designed this Policy to align with the following principles:
The Privacy Policy should be clear and easy to find.
Data collection, storage, and processing should be as simple as possible to enhance security, ensure consistency, and make practices easy to understand for users.
Data practices should meet reasonable user expectations.
Information We Collect
We collect information in multiple ways, including when you provide information directly to us, when we passively collect information from you, such as from your browser or device, and from third parties.
Information You Provide Directly to Us
We will collect any information that you provide to us. We may collect information from you in various ways, such as when: (a) you set up an online account, (b) you contact us or provide feedback, (c) you log into our platform to complete an assessment, or (d) you subscribe to our newsletter. This information may include, but is not limited to, your name, email address, phone number, IP address and connection time, as well as your geographic location. If you complete our online tests, we may also process other information, such as your responses to the tests available on our Service and the results, but we will do so as a data processor and on behalf of the company that organized the test for you.
Information Collected Automatically
Device/Usage Information
We may also collect information about how you access and use the Service (“Usage Data”). Usage Data may include information such as your Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Cookies and other tracking technologies
We use cookies and similar tracking technologies to track activity on our site and store certain information. A cookie is a small text file that is placed on your computer when you visit the Website, which allows us to: (a) to recognize your computer; (b) to maintain your session as a user of the Website (after logging in), so that you do not have to re-enter your login and password on each sub-page of the Website; (c) to store your preferences and settings; (d) to ensure the proper functioning of selected features of the Website (e) to enhance your user experience by providing content tailored to your interests; (f) to collect anonymous statistics so that we can better understand your expectations; (g) to fulfill the purposes set forth below under “Relevant Marketing Techniques”; (h) to conduct searches and analysis; and (i) to support administrative functions related to security.
You can instruct your browser to reject all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use certain parts of our Service.
Examples of the cookies we use:
Strictly necessary session cookies. We use session cookies to operate our service.
Performance cookies. We use performance cookies to collect data about how visitors use the site, which pages of the site are most frequently visited, or whether error messages appear on web pages.
Security Cookies. We use security cookies for security purposes.
Cookies placed on your device may also be used by third parties cooperating with us, specifically: Google, Facebook, Twitter, HotJar.
How We Use Your Information
We may use the information we collect from you and about you for the following purposes:
To fulfill the purposes for which you provided it,
To conduct online chat and manage inquiries via online forms,
To present you with offers or information (not applicable to Candidates),
To deliver and enhance services, including developing new features or services, taking steps to secure the services, and to provide technical support and customer service,
To raise funds, accept donations, or process transactions, send you information about your interactions or transactions with us, notifications about your accounts or other messages like newsletters that you have subscribed to (not applicable to Candidates),
To process and respond to your inquiries or solicit your feedback, conduct analysis, research, and reports, including drawing conclusions from your use of our services,
To comply with the law and protect the rights, property, or safety of Heroify services, our users, and the public, and
To enforce our Terms of Service, including investigating potential violations thereof.
We may aggregate and/or anonymize information collected through the Services and use such data for research and marketing purposes.
Automated decision-making activities, including profiling, may be conducted in relation to you to deliver services based on the entered contract and for the purpose of direct marketing by the data controller.
Appropriate Marketing Techniques
We use statistical traffic analysis on our website through Google Analytics. No personal data are transferred to the service operator (Google Inc.), only anonymized information. This service relies on the use of cookies on the user’s end device. For information on user preferences gathered by Google’s advertising network, the user can view and edit information derived from cookies using the following tool: https://www.google.com/ads/preferences/.
We employ remarketing techniques to tailor advertising messages based on user behavior on the website, which may give the illusion that we are using personal data to track the user, but in reality, no personal data is transferred from us to advertising operators. The technological requirement for this is the activation of cookie handling.
We use a solution to study user behavior by creating heatmaps and recording behavior on the website. This information is anonymized before being sent to the service operator so that the operator does not know to whom the data refers. Specifically, passwords and other personal data entered are not recorded.
We also use a solution that automates the website’s interaction with users, for example, it may send emails to the user after they visit a certain page, provided that they have consented to receiving commercial correspondence from us.
When We Disclose Your Data
We may share your data with data processing entities acting on our behalf, but only to the extent necessary to achieve the aforementioned purposes. This applies to the following groups of recipients:
Web hosting companies under delegation,
Email service providers,
Law firms and debt collection agencies,
Payment operators,
Online chat solution providers,
Authorized employees and collaborators who use the data for the purpose of the website,
Companies that provide marketing services to us.
We may disclose your personal data to third parties based on your consent for such action. We may also disclose anonymized and/or aggregated data to third parties, including advertisers, promotional partners, and others.
Legal Basis for Processing Personal Data
Our legal grounds for processing your personal data are as follows:
Fulfilling Our Contractual Obligations to You
Much of the information we process is aimed at fulfilling our contractual obligations regarding the services provided to our users.
Legitimate Interests
In many cases, we process information based on the fact that it serves our legitimate interests in a manner that is not overridden by your interests or fundamental rights and freedoms, these include:
Customer service,
Marketing, including sending newsletters, advertising, and fundraising,
Protecting our users, staff, and property,
User account management,
Organizing and running events and programs,
Analyzing and improving our operations,
Legal affairs management,
We may also process information for the same legitimate interests of our users and business partners.
Legal Compliance
We may be required to use and disclose information in a specific way to fulfill our legal obligations.
Consent
Where required by law, and in some other cases where it is legally permissible, we process information based on consent. If we are processing your information based on your consent, you have the right to withdraw that consent, in accordance with applicable law.
Your Data Subject Rights
You have various rights with respect to the collection and use of your information through our Services. These choices include:
Unsubscribe from Emails
You can unsubscribe from our marketing emails at any time by clicking on the “Unsubscribe” link at the bottom of every newsletter or by sending an email to support@heroify.co requesting to unsubscribe.
Account Preferences
If you have registered on our site, you can update your account information or customize your email communication preferences by logging into your account and updating your settings.
EU Data Subject Rights
You have the following legal rights (subject to relevant exceptions and limitations):
To confirm whether we hold any information about you,
To access such information,
To correct or delete your information under appropriate circumstances (if the data is no longer needed for the purposes for which they were collected),
To withdraw consent at any time, if we are processing personal data based on consent,
To object to our processing of your information,
To restrict our processing of your information,
To request the transfer of your personal data to you or another organization,
To review automated decision-making – if we make automated decisions concerning you, you have the right to request a review of those decisions.
To exercise these rights, please send us an email at gdpr@heroify.co, specifying the nature of your request. You also have the right to contact the appropriate regulatory or legal authority directly, which in the case of Poland is the President of the Office for Personal Data Protection. However, we encourage you to contact us first so that we can resolve your concerns as promptly and effectively as possible.
International Transfers
If we transfer any information about you to third-party processors located outside the EEA, we will take appropriate measures (e.g., EU Standard Contractual Clauses) to ensure that such companies adequately protect your information in accordance with this Privacy Policy and other data protection regulations governing such transfers.
Security Measures
While 100% data transmission security over the internet or any other network can’t be guaranteed, we take all reasonable steps to safeguard the personal data we store. We have implemented technical, physical, and organizational security measures to protect against loss, misuse, and/or alteration of your information. These safeguards vary depending on the sensitivity of the information that we collect and store.
Data Retention
Your personal data will be stored on servers located in the European Union. We take suitable steps to protect your data in accordance with applicable local data protection laws.
We retain the information we collect for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as legally required or permitted. This means we retain different categories of data for varying time periods, depending on the type of data, the category of user it pertains to, and the purposes for which we collected it.
We delete accounts of inactive users if there has been no activity for at least a year since the last login. Users can also request account deletion at any time by sending an email to gdpr@heroify.co. Upon receiving a deletion request, we will remove the account and user data within 3 months, unless it must be retained due to legal or regulatory requirements, security, fraud prevention, or unresolved account issues like unpaid access to the platform or unresolved claims or disputes.
Links and Third-Party Services
Our services may contain links to third-party websites (e.g., social media platforms like Facebook and Twitter) and third-party plugins (e.g., Facebook’s “Like” button and Twitter’s “Follow” button). If you choose to use these sites or features, you may disclose your information not just to those third parties, but also their users and the public, depending on how their services operate. We are not responsible for the content or privacy practices of such third-party websites or services. Your collection, use, and disclosure of information will be subject to the privacy policies of these websites or services, and not this Privacy Policy. We encourage you to read the Privacy Policy of every website you visit.
Changes to this Privacy Policy
We will continue to review this Privacy Policy as we update and expand our Services and may make appropriate changes. Any changes will be posted here and the last update date will be corrected above. We encourage you to periodically review this page for updates to stay informed on how we collect, use, and share your information. If significant changes are made to this Privacy Policy, we will inform you in accordance with legal requirements.
Questions about this Privacy Policy
If you have any questions regarding this Privacy Policy or our privacy practices, you may contact us at: gdpr@heroify.co.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.