Last updated: 1st June 2023.
INFORMATION WE COLLECT ABOUT YOU
We gather information about you through various means, including when you provide it directly to us, when you utilize our products, services, and website, and when other sources furnish it to us. The information we collect encompasses the following:
Account information: When you subscribe to our products or services or establish an account with us, we collect pertinent details such as your name, email address, username, phone number, address, and organization. Additionally, we request and obtain personal information, such as the name and email address of any individual authorized by you to use our products or services.
Billing information: In the event that you need to make a payment for our products or services, we gather your billing particulars, which include a billing address and financial and payment information.
Information provided by you or your employer: we diligently collect the information that you voluntarily provide to us or your employer provides on your behalf. This includes instances when you:
- Contact us through various means such as phone, email, online chat, or any other communication channel.
- Complete forms on our website.
- Register for an account to access our website.
- Subscribe to receive our newsletters and promotional materials.
- Participate in surveys conducted by us, aimed at gathering feedback on our services and training courses.
- Enrol in and attend our events or training courses.
- Engage in discussions and forums on our website.
- Reach out to us for customer support.
Technical information: Additionally, we may utilize the information we collect in an aggregated or anonymized manner, ensuring that your identity remains undisclosed. This aggregated or anonymized data is used for purposes such as analyzing user interactions with our platforms and products, conducting research, facilitating development, implementing marketing strategies, and performing analytics.
Third-party services: in the event that you opt to enable or connect a third-party application or service in conjunction with our products and services, please note that said third-party service may disclose certain information about you to us. This may include details such as your name and email address for authentication purposes. We advise you to review and adjust your privacy settings on these third-party services to comprehend and govern the information shared with us through these services.
Information from other users: furthermore, other users of our products or services have the potential to provide us with information pertaining to you. For instance, when another individual grants you authorization to utilize our products and services, they may provide us with your name and email address. Additionally, within your organization, an individual may furnish us with your contact information if they designate you as the billing or technical contact for your organization’s account.
USE OF GATHERED INFORMATION
We utilize the information we gather about you in the following ways. For each of these purposes, we have established a legal basis for processing your information:
Providing products and services: we employ your information to deliver the products and services you have subscribed to or requested. This includes offering customer support and ensuring you benefit from any relevant product or service’s auto-update feature. Such processing is necessary for the performance of our contractual obligations to you concerning these products and services.
Payment Collection: we employ your information to facilitate the collection of fees owed to us for your usage of our products and services. This processing is essential for the fulfilment of our contractual obligations to you.
Please note that this section does not pertain to your Survey Data. We handle such data solely in accordance with your instructions and the terms of our agreement with you.
Responding to inquiries: we will utilize your contact information and any details you provide to us in order to address your inquiries, requests for information, or complaints. Depending on the nature of your inquiry, we may do so to fulfill our contractual obligations to you, comply with legal obligations, provide you with optimal service, and gain insights on how to enhance our products and services based on your feedback and experience.
Third-Party services: in instances where you choose to enable or connect to a third-party application or service, we will use the information shared with us by that application or service to facilitate the performance of our contractual obligations to you.
Protection of business, products, services, and website: we will utilize your information in alignment with our legitimate interests, which involve administering and maintaining our systems, ensuring network and information security, and safeguarding our business, products, services, and website. This includes preventing unauthorized access to our networks, investigating faults, mitigating the misuse of our products or services, averting denial of service attacks, and monitoring system usage and server load.
Legal Requests: there may be instances where we need to utilize your information to fulfil a legal obligation, such as responding to a court order, complying with a request from a supervisory authority or government entity, or preventing fraudulent activities.
Marketing: we may utilize your information to provide you with details about our products, services, offers, and events that we believe may be of interest to you. These communications solely pertain to our own products and services, and we do not disclose your information to third parties for marketing purposes. We send such communications either with your consent (where you have explicitly provided consent to receive such communications) or in accordance with our legitimate interests in expanding our business.
Legal basis for processing (EEA and UK only): for individuals from the European Economic Area (EEA) or the UK, if your data is processed by Handprint, we are required to have a legal basis for collecting and using your information as a data controller. The legal basis will fall under one of the following categories:
- Contractual Necessity: we may require your information to fulfil a contract with you. For example, this may include delivering the services you have requested from us.
- Consent: in certain cases, we may rely on your consent to collect and use your information. If we do so, you have the right to withdraw or refuse to give your consent at any time. Please note that the withdrawal of consent does not affect the lawfulness of any processing based on your consent before its withdrawal.
- Legitimate Interests: we may process your information based on our legitimate interests, provided that such interests do not override your own interests or fundamental rights and freedoms.
- Legal or regulatory obligation: in some instances, we may need to process your information to comply with a legal or regulatory obligation.
If you have any questions regarding the legal basis for the collection and use of your information, including information about our legitimate interests, please feel free to contact us for further clarification and information at firstname.lastname@example.org
DISCLOSURE OF YOUR INFORMATION
We only share your information in the following circumstances:
Our service providers: we may disclose your information to third-party service providers who assist us in delivering our services. We have established agreements with these service providers to ensure that they maintain appropriate safeguards for your information. They are only permitted to use your information as instructed by us and solely for the purpose of providing the relevant services to us. For example, we engage third parties to manage credit card processing, host our application and landing page, provide online chat service, offer analytics information, and provide database and media services.
We take great care in selecting and vetting our service providers to ensure the security and confidentiality of your information.
Professional advisers: we may need to disclose your information to our professional advisers, such as lawyers, bankers, auditors, and insurers. This is done to ensure compliance with legal and regulatory requirements, seek legal advice, manage financial matters, and maintain appropriate insurance coverage.
Forums: if you choose to utilize the forums on our website, please be aware that any personal information you submit there can be accessed, collected, or used by other users of those forums. They may use this information to send you unsolicited messages. We do not take responsibility for the personal information you choose to share in these forums or for any private messages sent via the forum. If you wish to have your personal information removed from our community forum, please contact us at email@example.com
We prioritize the security of your information and have implemented appropriate physical, electronic, and managerial measures to prevent unauthorized access or disclosure. These measures aim to safeguard and secure the information we collect online.
Handprint’s data centers are managed by AWS (Amazon Web Services), which adheres to stringent security standards. The following are some of the technical and organizational measures (TOMs) employed:
Physical security: data centers are situated in nondescript facilities with robust perimeter controls and natural boundary protections. They have obtained accreditations such as ISO 27001, SOC 1, SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
Environmental safeguards: measures include fire detection and suppression systems, reliable power systems, and climate and temperature control mechanisms.
Network security: firewalls, DDoS (Distributed Denial of Service) mitigation, protections against spoofing and sniffing, and port scanning safeguards are in place.
Data security: SSL encryption is employed for customer applications and Postgres databases to ensure secure transmission and storage of data.
System Security: system configurations are optimized for security, and customer applications are isolated to prevent unauthorized access. Robust system authentication protocols are implemented.
Vulnerability management: ongoing vulnerability assessments are conducted to identify and mitigate potential risks.
Backups: regular backups are performed for customer applications, customer Postgres databases, and customer configuration and meta-information.
Disaster Recovery: customer data retention and destruction practices are in place to ensure effective disaster recovery procedures.
By implementing these security measures, we strive to maintain the confidentiality, integrity, and availability of your information.
YOUR RIGHTS AS A DATA SUBJECT
As a data subject, you have certain rights regarding the processing of your personal information. These rights may vary depending on your jurisdiction and the specific circumstances of the processing. We are committed to upholding these rights and facilitating their exercise. Please note that if we act as a data processor on behalf of our customers, you may need to contact them directly to exercise your rights related to your Survey Data.
Right to Access: You have the right to request information about whether we hold any of your personal information and to obtain a copy of that information. To exercise this right, please contact us at firstname.lastname@example.org. We will respond to your request in a timely manner.
Right to rectification: you have the right to request the correction or amendment of any inaccurate or incomplete personal data that we hold about you. If you believe that your personal data is incorrect or requires updating, please contact us, and we will promptly address your request.
Right to erasure: in certain circumstances, you have the right to request the erasure of personal information held about you. However, please note that this right may be subject to qualifications, such as when it is necessary for us to retain the information for record-keeping purposes or to comply with our legal obligations. If you wish to exercise your right to erasure, please contact us, and we will assess your request based on the applicable legal requirements.
Additional rights: depending on the applicable laws and regulations, you may have other rights, such as the right to restrict the processing of your personal data or the right to data portability. If you have any inquiries or wish to exercise any of these additional rights, please contact us, and we will assist you accordingly.
We are committed to handling your requests in a prompt and transparent manner, ensuring that your rights as a data subject are respected and upheld to the extent required by applicable laws and regulations.
Right to object: in certain circumstances, you have the right to object to the processing of your personal data based on our legitimate interests. However, we may demonstrate compelling legitimate grounds for the processing that override your rights and freedoms.
Right to restrict processing: you may have the right to request the restriction of processing your personal data. This right can be exercised, for example, when you believe that the personal data we hold about you is inaccurate or unlawfully processed.
Right to data portability: under certain conditions, you have the right to receive your personal data in a structured, machine-readable format and have the right to transmit that data to another data controller.
To exercise any of these rights, please contact us at email@example.com. To ensure the security and protection of your personal information, we may need to verify your identity before proceeding with your request.
You also have the right to withdraw your consent at any time if we rely on consent as the legal basis for processing your personal information. Please note that withdrawing consent does not affect the lawfulness of any processing carried out prior to the withdrawal. To withdraw your consent, you can contact us via email at firstname.lastname@example.org or by post using the address provided below. We will respond to your request within a reasonable timeframe.
If you have any concerns about the way we handle your personal data, you have the right to lodge a complaint with the supervisory authority, which in this case is the Personal Data Protection Commission Singapore (PDPA).
DATA RETENTION AND DELETION POLICY
We will retain your personal information for the duration of your active account or as necessary to fulfil the purposes outlined in this policy, which includes meeting any legal, accounting, or reporting obligations. If you wish to have your personal information deleted, you can contact us at email@example.com at any time. In the event that we are unable to fulfil your deletion request, such as if we are required to retain certain information to comply with a legal obligation, we will inform you of the reasons for our inability to delete the information.
Attention: Handprint Data Protection
HANDPRINT PTE. LTD.
160 Robinson Road
#14-04 Singapore Business Federation Centre
We will promptly address any inquiries or concerns you may have regarding your personal data or our privacy practices.