Privacy Policy | Heroify

This Privacy Policy (“Policy”) explains the information collection, use, and sharing practices of Heroify sp. z o.o. (“we,” “us,” and “our”). Heroify Sp. z o.o. (“Heroify”) with its registered address: Warsaw, 23/7 Padewska street, 00-777 Warsaw, Tax no. (NIP): 5213930518, is a data controller of your personal data.

Unless otherwise stated, this Policy describes and governs the information collection, use, and sharing practices of Heroify with respect to your use of our website (https://heroify.co) and the services (“Services”) we provide and/or host on our servers.

Before you use or submit any information through or in connection with the Services, please carefully review this Privacy Policy. By using any part of the Services, you understand that your information will be collected, used, and disclosed as outlined in this Privacy Policy.

If you do not agree to this Policy, please do not use our Services.

Our Principles

Heroify has designed this Policy to be consistent with the following principles:

Privacy policies should be human readable and easy to find.
Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand.
Data practices should meet the reasonable expectations of users.

Information We Collect

We collect information in multiple ways, including when you provide information directly to us; when we passively collect information from you, such as from your browser or device; and from third parties.

Information You Provide Directly to Us

We will collect any information you provide to us. We may collect information from you in a variety of ways, such as when you: (a) create an online account, (b) contact us or provide feedback, or (c) subscribe to our newsletter. This information may include but is not limited to your name, surname, email address, phone number, your IP and connection time, and your geographic location. If you complete our online tests, we may also process other information like your answers provided to the test available in our Service and its results, however we will do so as a data processor and on behalf of the company that arranged the test for you.

Information that Is Automatically Collected

Device/Usage Information
We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Cookies and Other Tracking Technologies
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. A cookie is a small text file that is placed on your computer when you visit a website, that enables us to: (a) recognize your computer; (b) maintain a session of the Service user (after logging in), thanks to which a user does not have to re-enter login and password on each subpage of the Service; (c) store your preferences and settings; (d) ensure proper functioning of selected functions of the website; (e) enhance your user experience by delivering content specific to your inferred interests; (f) collect of anonymous statistics, thanks to which we can learn better the expectations of users; (g) fulfil the purposes specified below in the section “Relevant marketing techniques”; (h) perform searches and analytics; and (i) assist with security administrative functions.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Strictly necessary Cookies. We use Session Cookies to operate our Service.
Performance Cookies. We use Performance Cookies to gather data on how visitors use a website, which pages of a website are visited most often, or if they get error messages on web pages.
Security Cookies. We use Security Cookies for security purposes.

Cookies placed in the Service User’s end device may also be used by entities cooperating with us, in particular: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA), HotJar (HotJar Ltd based in Malta).

How We Use Your Information

We may use the information we collect from and about you to:

Fulfil the purposes for which you provided it.
Conducting online chat.
Handling enquiries via the online forms.
Presenting you an offer or information.
Provide and improve the Services, including to develop new features or services, take steps to secure the Services, and for technical and customer support.
Fundraise, accept donations, or process transactions.
Send you information about your interaction or transactions with us, account alerts, or other communications, such as newsletters to which you have subscribed.
Process and respond to your inquiries or to request your feedback.
Conduct analytics, research, and reporting, including to synthesise and derive insights from your use of our Services.
Comply with the law and protect the safety, rights, property, or security of Heroify the Services, our users, and the general public; and
Enforce our Terms of Use, including to investigate potential violations thereof.

We may aggregate and/or de-identify information collected through the Services and use such data for research and marketing purposes.

Activities involving automated decision-making, including profiling, may be undertaken in relation to you for the purpose of providing services under the contract concluded and for the purpose of direct marketing by the data controller.

Relevant marketing techniques

We use statistical analysis of the website traffic via Google Analytics (Google Inc., based in the USA). The operator does not transmit personal data to the operator of this service, but only anonymised information. The service is based on the use of cookies on the user’s terminal device. With regard to the information on user preferences collected by the Google advertising network, the user can view and edit the information resulting from the cookies using the following tool: https://www.google.com/ads/preferences/
We use remarketing techniques to match advertising messages with the user’s behaviour on the website, which may give the illusion that the user’s personal data is being used to track the user, but in practice no personal data is transferred from us to the advertising operators. A technological prerequisite for this is that cookies are enabled.
We use a solution to study user behaviour by creating heat maps and recording behaviour on the website. This information is anonymised before it is sent to the operator of the service so that the operator does not know which natural person it relates to. In particular, typed passwords and other personal data are not recorded.
We also use a solution which automates the operation of the Website in relation to users, e.g. it may send an e-mail to the user after he/she visits a particular subpage, provided that he/she has consented to receive commercial correspondence from us.

When We Disclose Your Information

We may transfer your data to entities processing the data at our request, but only for the purpose and within the scope necessary to perform the above mentioned purposes. This applies to such groups of recipients:

hosting company on a delegated basis,
postal operators,
law firms and debt collectors,
payment operators,
online chat solution providers,
authorised employees and associates who use the data to fulfil the purpose of the website,
companies that provide marketing services to us.

We may disclose your information to any third parties based on your consent to do so. We may also disclose de-identified and/or aggregated data for any purpose to third parties, including advertisers, promotional partners, and/or others.

Legal Basis for Processing Personal Data

Our legal grounds for processing your personal data are as follows:

To Honor Our Contractual Commitments to You.

Much of our processing of information is to meet our contractual obligations to provide services to our users.

Legitimate Interests.

In many cases, we handle information on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, these include:

Customer service,
Marketing, including sending newsletters, advertising, and fundraising,
Protecting our users, personnel, and property,
Managing user accounts,
Organising and running events and programs,
Analysing and improving our business,
Managing legal issues.

We may also process information for the same legitimate interests of our users and business partners.

Legal Compliance.

We may need to use and disclose information in certain ways to comply with our legal obligations.

Consent.

Where required by law, and in some other cases where legally permissible, we handle information on the basis of consent. Where we handle your information on the basis of consent, you have the right to withdraw your consent; in accordance with applicable law.

Data Subject Rights

You have various rights with respect to the collection and use of your information through the Services. Those choices are as follows:

Email Unsubscribe

You may unsubscribe from our marketing emails at any time by clicking on the “unsubscribe” link at the bottom of each newsletter or by emailing support@heroify.co with your request.

Account Preferences

If you have registered for an account with us through our Services, you can update your account information or adjust your email communications preferences by logging into your account and updating your settings.

EU Data Subject Rights

You have the following legal rights (subject to applicable exceptions and limitations):

to obtain confirmation of whether we hold certain information about you,
to access such information,
to obtain its correction or deletion in appropriate circumstances (when we no longer need it for the purposes it was obtained)
to withdraw consent at any time, if we process personal data based on consent,
to object to our handling of your information,
to restrict our processing of your information
to ask for your personal data to be sent to you or to another organisation
to review automated decision making – if we make automated decisions about you, you can ask for those decisions to be reviewed.

To exercise these rights, please email us at gdpr@heroify.co with the nature of your request. You also have the right to go directly to the relevant supervisory or legal authority, which for Poland would be Prezes Urzędu Ochrony Danych Osobowych, but we encourage you to contact us so that we may resolve your concerns directly as best and as promptly as we can.

International Transfers

If we provide any information about you to any third parties information processors located outside of the EEA, we will take appropriate measures (i.e. EU Standard Contractual Clauses) to ensure such companies protect your information adequately in accordance with this Privacy Policy and other data protection laws to govern the transfers of such data.

Security Measures

Whilst no data transmission over the internet or any other network can be guaranteed as 100% secure, we take all reasonable steps to safeguard the personal data we hold. We have implemented technical, physical, and organisational security measures to protect against the loss, misuse, and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store.

Data Retention

We retain the information we collect for as long as necessary to fulfil the purposes set forth in this Privacy Policy or as long as we are legally required or permitted to do so. This means that we retain different categories of data for different periods of time depending on the type of data, the category of user to whom the data relates, and the purposes for which we collected the data.

We will delete the non-active users accounts if there is no activity at those accounts for at least a year since last log in. Users may also request deletion of their account at any time through a request sent to gdpr@heroify.co. Following an account deletion request, we delete the user’s account and data within 3 months, unless they must be retained due to legal or regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as an outstanding credit or an unresolved claim or dispute.

Third-Party Links and Services

The Services may contain links to third-party websites (e.g., social media sites like Facebook and Twitter), third-party plug-ins (e.g., the Facebook “like” button and Twitter “follow” button), and other services. If you choose to use these sites or features, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. We are not responsible for the content or privacy practices of such third party websites or services. The collection, use and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Privacy Policy. We encourage you to read the privacy statements of each and every site you visit.

Changes to this Privacy Policy

We will continue to evaluate this Privacy Policy as we update and expand our Services, and we may make changes to the Privacy Policy accordingly. We will post any changes here and revise the date last updated above. We encourage you to check this page periodically for updates to stay informed on how we collect, use and share your information. If we make material changes to this Privacy Policy, we will provide you with notice as required by law.

Questions About this Privacy Policy

If you have any questions about this Privacy Policy or our privacy practices, you can contact us at: gdpr@heroify.co.