Effective: November 24, 2021
Last updated: November 13, 2021
Introduction and Definition
This Policy does not impose any limits on the collection, use or disclosure of aggregate information that cannot be associated with a specific individual, or information that is otherwise determined to be Non-PII (as defined below).
“Companies”, “Company”, "Vendor" or “you” refers to the entities that are using Hines Development Corporation dba Clicki for their Partner Programs.
“Customer Data” refers to the information collected from End Users through the Vendor’s website. This may include, but is not limited to, first name, last name, email address, IP address, and transactional information to facilitate Partner program(s) requirements.
“End Users” refers to the customers that are referred to Vendors by Partners in their Partner Programs.
“Partner(s)” refers to the Partners in the Vendor Partner Programs. Partners include, but are not limited to, resellers, affiliates, advocates, and ambassadors of the Vendor/Company.
“Partner Data” refers to the information collected from Partners through the Vendor’s website. This may include, but is not limited to, first name, last name, email address, the location of posted referral links, and transactional information to facilitate Partner program(s) requirements.
“Partner Programs” refers to any (but not limited to) reseller, affiliate, advocates, and ambassador programs, campaigns intended to create sales.
Personally Identifiable Information (“PII”) collected by Clicki refers to information that may personally identify an individual. This includes, but is not limited to, first name, last name, e-mail, IP address, postal address, date of birth, phone number and may include subscriptions to the Vendor services. We may collect such information about Vendors, Partners, and Customers.
Non-Personally Identifiable Information (“Non-PII”) collected by Hines Development Corporation dba Clicki refers to information of an anonymous nature and aggregate information. Aggregate information may include, but is not limited to, usage statistics and demographic statistics with regards to Vendors, Partners, and Customers.
“Services” refers to Hines Development Corporation dba Clicki’s collection, processing and storage of data which is used to facilitate Partner Programs for Vendors. The collection of data is performed through the Vendor’s website.
“Vendor Data” refers to the information collected from Vendors. This may include, but is not limited to, first name, last name, email address, IP address, and transactional information to support its Partner program(s) requirements.
By using our Services, entities consent to the use of Partner Data and Customer Data as described in this Policy.
“Customer Data” refers to the information collected from End Users. This may include, but is not limited to, first name, last name, email address, IP address, and transactions on the Vendor’s website.
Except as set forth in this Policy, Vendor Data, Partner Data, and Customer Data will not be used for any other purpose without the consent of the Vendor, Partner or Customer, as applicable. We do not collect Vendor Data, Partner Data, or Customer Data for the purpose of sales or marketing in a way that specifically identifies individuals, and will implement reasonable efforts to help ensure this is met.
Purposes of Collection of Data
We aim to collect only such information as is required to enable us to manage Vendor and Partner accounts, to provide the Services, service improvement, fraud prevention, and for other legitimate business purposes.
We will maintain and implement necessary safeguards for Vendor Data, Partner Data, and Customer Data provided to us through the use of the Services.
We will use the PII of Vendor, Partner, and Customer for the purposes specified above in this section (subject to the exclusions and disclosures we have listed under the section entitled Important Exceptions)
Two types of information may be collected and processed through our Services:
i. PII: This information is collected by Hines Development Corporation dba Clicki and Vendors directly or through third-parties that may integrate with Hines Development Corporation dba Clicki and Vendors. The basis for collecting this information is for the provision of our Services.
ii. Non-PII: This information is collected by Hines Development Corporation dba Clicki and Vendors directly or through third-parties that may integrate with Vendors.The basis for collecting this information is for the provision and enhancement of our Services.
Hines Development Corporation dba Clicki does not knowingly collect any information from or about children under the age of 16. If we become aware that we have received any such information, we will take steps to delete this information as soon as possible.
Use and Purposes for Processing of Data
We use collected data in order to provide and enhance our Services, as well as for fraud prevention.
Vendor Data, Partner Data, and Customer Data may be shared with third-parties only to the extent which is necessary to provide our Services. Data transfers will be secured and managed based on the sensitivity of the data.
We collect aggregated statistics about the Vendors’ and Partners' use of our Services, and this information will be kept confidential. However, Non-PII will be retained by us and may be made available to other members or third-parties as per our discretion to improve our services.
If we plan to use PII in the future for any other purposes not identified in this Policy, we will only do so after informing you, and obtaining consent on the updates to this Policy.
This Policy does not apply to the security or privacy practices of such third parties.
We collect both "persistent" cookies and "session" cookies (“Cookies”). A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie will expire when the web browser is closed.
Cookies may be refused by the website visitor.
The security of Vendor Data, Partner Data, and Customer Data is important to us. We use commercially reasonable efforts to store and maintain data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Vendor Data, Partner Data and Customer Data, including the encryption of data and secure storage.
We use Google Cloud Platform (GCP) automated services, as well as various other third-party security services to automate security assessment and improve the security and compliance of our applications.
We share Vendor Data, Partner Data, and Customer Data only with our trusted subprocessors, such as service providers and database hosts. We use the Google Cloud Platform (GCP) service and accordingly Vendor Data, Partner Data and Customer Data may be available to governments or its agencies anywhere in the world, under a lawful order, irrespective of the safeguards we have put in place for the protection of such data.
We have implemented procedures designed to limit the dissemination of Vendor Data, Partner Data, and Customer Data to only such designated staff as are reasonably necessary to carry out the stated purposes described in this Policy.
We may employ third parties to help us improve the Services. These third parties may have limited access to databases of user information solely for the purpose of helping us to improve the Services and they will be subject to contractual restrictions prohibiting them from using the user information about our members for any other purpose.
Disclosures & Transfers: We have put in place contractual and other organizational safeguards with our agents to ensure an adequate level of protection of Vendor Data, Partner Data, and Customer Data. In addition to those measures, we will not disclose or transfer Vendor Data, Partner Data, orCustomer Data to third parties except as specified in this Policy (see further Important Exceptions).
For more details on how we protect your data, please see our security practices.
For more details on our subprocessors, please see our subprocessors policy.
Data Subject Requests
We have implemented measures in order to meet data and security obligations with respect to data subject rights, including but not limited to:
i. Right to know
ii. Right to accuracy
iii. Right to be forgotten
iv. Right to access
v. Withdrawal of Consent
Vendors have the right to access the Partner Data and Customer Data we hold. Upon receipt of your written request, we will provide you with a copy of your Customer Data although in certain limited circumstances, we may not be able to make all relevant information available to where such disclosure would result in a breach of our confidentiality obligations to our stakeholders. In such circumstances we will provide reasons for the denial to you upon request. We will endeavour to deal with all requests for access in a timely manner.
We may disclose Vendor Data, Customer Data and/or Partner Data where such disclosure is required by and in accordance with the lawful order by a court of competent jurisdiction, tribunal or other government agency.
We may also disclose Vendor Data, Customer Data and/or Partner Data in connection with a corporate reorganization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed is treated as confidential and continues to be used only for the purposes permitted by this Policy by the entity acquiring such data.
Data Retention and Removal
Our data retention policies are designed to help ensure that we can provide our Services and remain compliant with applicable laws.
Personal data that we process for any purpose will not be kept for longer than is necessary in order to comply with such applicable laws.
All PII retained pursuant to our data retention policies will remain subject to the terms of this Policy.
We will keep Customer Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you.
We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, Non-PII, account recovery, or if required by law.
All retained Customer Data will remain subject to the terms of this Policy.
If you request that certain data be removed from our databases, it may not be possible to completely delete all your data due to technological and legal constraints. However, we will ensure any such PII is rendered useless so as not to be attributable to any individual.
Amendment of this Policy
We reserve the right to amend this Policy at any time. If we decide to amend this Policy in the future, we will notify Vendors by email.
Any non-material amendments, such as clarifications, to this Policy will become effective on the date the amendment is posted and any material amendments will become effective 30 days from the date of notification.
Unless stated otherwise, our current Policy applies to all Data that we collect and process in the course of providing our Services. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Policy for your reference. Your continued use of the Services signifies your acceptance of any amendments.
International Data Transfers Privacy Shield And Contractual Terms
Hines Development Corporation dba Clicki may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Hines Development Corporation dba Clicki transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law: Standard Contractual Clauses issued by the European Commission.
Hines Development Corporation dba Clicki uses sub-processors to process and store Vendor Data, Customer Data and Partner Data; currently, all such sub-processors are located in the United States of America.
GDPR (General Data Protection Regulation) Compliance Statement
The GDPR’s updated requirements are significant and our team has adapted Hines Development Corporation dba Clicki’s product offerings, operations and contractual commitments to help Vendors comply with the GDPR.
We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always current.
Fulfilling our privacy and data security commitments is important to us. So we are glad to comply and help you comply with the GDPR. If you have any questions about your rights under the GDPR as a User or how Hines Development Corporation dba Clicki can help you with compliance as a Vendor, we hope you’ll reach out to us at firstname.lastname@example.org
CCPA (California Consumer Privacy Act) Compliance Statement
Hines Development Corporation dba Clicki complies with the California Consumer Privacy Act (CCPA) and supports our customers’ compliance with the CCPA. As a provider of enterprise collaboration tools, Hines Development Corporation dba Clicki is primarily a service provider under the CCPA.
Hines Development Corporation dba Clicki offers our customers a data processing addendum (DPA) that supplements the customer terms of service or any master subscription agreement. This DPA incorporates the obligations and requirements set out by the CCPA. Please reach out to our Privacy Team (email@example.com) to obtain a copy of our DPA. If you have questions specific to the DPA, please contact our team via firstname.lastname@example.org. However, please note that the terms of our DPA are non-negotiable.
As a service provider, Hines Development Corporation dba Clicki also assists its customers in their compliance with the CCPA. Hines Development Corporation dba Clicki will assist with any deletion requests customers may receive by deleting member profile information upon verified request of a primary owner. Hines Development Corporation dba Clicki will also pass along member requests for information related to Customer Data, as well as any requests it receives for member profile deletion, to the customer. For more information about how Hines Development Corporation dba Clicki assists with rights requests, contact email@example.com.
Request to opt out of sale of personal information
Hines Development Corporation dba Clicki does not sell personal information as defined in the CCPA, and will not sell personal information without providing a future right to opt out of such a sale. You can choose to opt out of offers, promotions or other emails by managing your email preferences.