Unless stated otherwise, this Policy describes and governs the information collection, use, and sharing practices of Heroify in relation to your use of our website (https://heroify.co) and the services (“Services”) that we provide and/or host on our servers.
If you do not agree with this Policy, please do not use our Services.
We have designed this Policy to align with the following principles:
Data collection, storage, and processing should be as simple as possible to enhance security, ensure consistency, and make practices easy to understand for users.
Data practices should meet reasonable user expectations.
Information We Collect
We collect information in multiple ways, including when you provide information directly to us, when we passively collect information from you, such as from your browser or device, and from third parties.
Information You Provide Directly to Us
We will collect any information that you provide to us. We may collect information from you in various ways, such as when: (a) you set up an online account, (b) you contact us or provide feedback, (c) you log into our platform to complete an assessment, or (d) you subscribe to our newsletter. This information may include, but is not limited to, your name, email address, phone number, IP address and connection time, as well as your geographic location. If you complete our online tests, we may also process other information, such as your responses to the tests available on our Service and the results, but we will do so as a data processor and on behalf of the company that organized the test for you.
Information Collected Automatically
We may also collect information about how you access and use the Service (“Usage Data”). Usage Data may include information such as your Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Cookies and other tracking technologies
You can instruct your browser to reject all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use certain parts of our Service.
Examples of the cookies we use:
Strictly necessary session cookies. We use session cookies to operate our service.
Performance cookies. We use performance cookies to collect data about how visitors use the site, which pages of the site are most frequently visited, or whether error messages appear on web pages.
Security Cookies. We use security cookies for security purposes.
Cookies placed on your device may also be used by third parties cooperating with us, specifically: Google, Facebook, Twitter, HotJar.
How We Use Your Information
We may use the information we collect from you and about you for the following purposes:
To fulfill the purposes for which you provided it,
To conduct online chat and manage inquiries via online forms,
To present you with offers or information (not applicable to Candidates),
To deliver and enhance services, including developing new features or services, taking steps to secure the services, and to provide technical support and customer service,
To raise funds, accept donations, or process transactions, send you information about your interactions or transactions with us, notifications about your accounts or other messages like newsletters that you have subscribed to (not applicable to Candidates),
To process and respond to your inquiries or solicit your feedback, conduct analysis, research, and reports, including drawing conclusions from your use of our services,
To comply with the law and protect the rights, property, or safety of Heroify services, our users, and the public, and
To enforce our Terms of Service, including investigating potential violations thereof.
We may aggregate and/or anonymize information collected through the Services and use such data for research and marketing purposes.
Automated decision-making activities, including profiling, may be conducted in relation to you to deliver services based on the entered contract and for the purpose of direct marketing by the data controller.
Appropriate Marketing Techniques
We employ remarketing techniques to tailor advertising messages based on user behavior on the website, which may give the illusion that we are using personal data to track the user, but in reality, no personal data is transferred from us to advertising operators. The technological requirement for this is the activation of cookie handling.
We use a solution to study user behavior by creating heatmaps and recording behavior on the website. This information is anonymized before being sent to the service operator so that the operator does not know to whom the data refers. Specifically, passwords and other personal data entered are not recorded.
We also use a solution that automates the website’s interaction with users, for example, it may send emails to the user after they visit a certain page, provided that they have consented to receiving commercial correspondence from us.
When We Disclose Your Data
We may share your data with data processing entities acting on our behalf, but only to the extent necessary to achieve the aforementioned purposes. This applies to the following groups of recipients:
Web hosting companies under delegation,
Email service providers,
Law firms and debt collection agencies,
Online chat solution providers,
Authorized employees and collaborators who use the data for the purpose of the website,
Companies that provide marketing services to us.
We may disclose your personal data to third parties based on your consent for such action. We may also disclose anonymized and/or aggregated data to third parties, including advertisers, promotional partners, and others.
Legal Basis for Processing Personal Data
Our legal grounds for processing your personal data are as follows:
Fulfilling Our Contractual Obligations to You
Much of the information we process is aimed at fulfilling our contractual obligations regarding the services provided to our users.
In many cases, we process information based on the fact that it serves our legitimate interests in a manner that is not overridden by your interests or fundamental rights and freedoms, these include:
Marketing, including sending newsletters, advertising, and fundraising,
Protecting our users, staff, and property,
User account management,
Organizing and running events and programs,
Analyzing and improving our operations,
Legal affairs management,
We may also process information for the same legitimate interests of our users and business partners.
We may be required to use and disclose information in a specific way to fulfill our legal obligations.
Where required by law, and in some other cases where it is legally permissible, we process information based on consent. If we are processing your information based on your consent, you have the right to withdraw that consent, in accordance with applicable law.
Your Data Subject Rights
You have various rights with respect to the collection and use of your information through our Services. These choices include:
Unsubscribe from Emails
You can unsubscribe from our marketing emails at any time by clicking on the “Unsubscribe” link at the bottom of every newsletter or by sending an email to firstname.lastname@example.org requesting to unsubscribe.
If you have registered on our site, you can update your account information or customize your email communication preferences by logging into your account and updating your settings.
EU Data Subject Rights
You have the following legal rights (subject to relevant exceptions and limitations):
To confirm whether we hold any information about you,
To access such information,
To correct or delete your information under appropriate circumstances (if the data is no longer needed for the purposes for which they were collected),
To withdraw consent at any time, if we are processing personal data based on consent,
To object to our processing of your information,
To restrict our processing of your information,
To request the transfer of your personal data to you or another organization,
To review automated decision-making – if we make automated decisions concerning you, you have the right to request a review of those decisions.
To exercise these rights, please send us an email at email@example.com, specifying the nature of your request. You also have the right to contact the appropriate regulatory or legal authority directly, which in the case of Poland is the President of the Office for Personal Data Protection. However, we encourage you to contact us first so that we can resolve your concerns as promptly and effectively as possible.
While 100% data transmission security over the internet or any other network can’t be guaranteed, we take all reasonable steps to safeguard the personal data we store. We have implemented technical, physical, and organizational security measures to protect against loss, misuse, and/or alteration of your information. These safeguards vary depending on the sensitivity of the information that we collect and store.
Your personal data will be stored on servers located in the European Union. We take suitable steps to protect your data in accordance with applicable local data protection laws.
We delete accounts of inactive users if there has been no activity for at least a year since the last login. Users can also request account deletion at any time by sending an email to firstname.lastname@example.org. Upon receiving a deletion request, we will remove the account and user data within 3 months, unless it must be retained due to legal or regulatory requirements, security, fraud prevention, or unresolved account issues like unpaid access to the platform or unresolved claims or disputes.
Links and Third-Party Services
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.