Hi Bob Limited and its affiliates (“Hi Bob”, “we”, “our” or the “Company”) respect the privacy of its Users and is committed to protect the personal information that its Users share with it. We believe that you have a right to know our practices regarding the information we may collect and use when you use the Service.
Hi Bob is a cloud-based web platform that enables organizations to manage their human resources and employee benefits including workplace pensions and other benefit arrangements, workplace risk benefits and related insurance (the “Service” or “Bob™”).
A User may be either an entity, for example an employer which has executed an agreement with Hi Bob or with Hi Bob’s resellers or distributors who provide Hi Bob’s services (“Customer“) or a Customer’s users for example a Customer’s employees, of the Services (“End User(s)“) (Customer and End User shall collectively be referred to as “Users” or “you“).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of European Economic Area data protection law, (the “Data Protection Law”), the data controller is the Customer who makes available and permits End Users to access and use the Service or anyone on its behalf (the “Controller“).
A. Which information may we collect
Categories of information and data we may collect from our Users.
Data we collect about you from your use of the Service
The first type of Data is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected Non- Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Service. Non-personal Information which is being gathered consists of technical information and behavioral information and which may include, the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘click-stream’ on the website, the period of time the User visited the website, methods used to browse away from a page, and any phone number used to call our customer service number.
Data you give us
The second type of Data is individually identifiable information (“Personal Information“).
This information may identify an individual or may be of a private and/or sensitive nature.
Personal Information which is being gathered consists of any personal details provided consciously and voluntarily by a Customer, End User or the Customer’s administrator or through your use of the Bob platform. This may include your name (first and last), nickname, birthdate, gender, nationality, job title, phone number(s), date you first started working for your employer, department you work in, employee ID/ national security number, address, country, city, postcode, family status, spouse’s and other dependents name, gender and birth date, your bank account details (bank name, account number, account type SWIFT code, IBAN code, sort code, branch address), details regarding your salary and work (pay period, payment frequency, base salary, gross salary, overtime, bonuses, commissions, salary sacrifice, statutory payments such as sick, maternity/paternity leave, salary payment currency, credential regarding the right to work in your jurisdiction, tax code, equity, emergency contact details (name, relation, phone number(s), email address(es), city, country, post code), termination date, termination reason, probation end date, status in the system and in the workplace, IP address and other unique identifiers, User’s information relating to investment preferences and strategy, such as time horizon in connection with any investment plans, risk tolerance, net worth and desired filtering priorities for viewing investment choices from different financial service providers, information the Customer chooses to collect and other information User may choose to provide to Bob and to its employee.
Additionally, we may also collect and store, if you choose to use the applicable features of the Hi Bob Services and provide to us financial data from your individual retirement account(s), and other workplace retirement plan accounts, brokerage accounts and mutual fund accounts, including account numbers, account access information, identity of financial service providers, investment holdings, fee billings and deductions, purchases, sales and other transactions.
We will never sell your Personal Information to third parties. (for more information see the Section titled: “Sharing Data gathered through Bob with third parties”).
You do not have any legal obligation to provide any information to Hi Bob however, we require certain information in order to provide the Services. If you choose not to provide us with certain information we may not be able to provide you with the Services. Login credentials (email and username) are required to have the Hi Bob system work properly. We may keep such Personal Information in a database which will be owned and controlled by the Controller.
Hi Bob may also collect the email addresses of people who communicate with Hi Bob via email or via messenger services or create accounts and login credentials.
By registering for a trial account on Hi Bob’s general web site, Hi Bob will collect your name, company name, phone number and company email you provided. Hi Bob may use this information to offer Hi Bob’s services and support.
Hi Bob may not be aware of the nature of the information collected through the Services. Such information may include Personal Information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Information“).
B. How do we collect information on Users of Bob™?
There are two main methods we use:
• We collect Non-Personal Information through your use of our Service. In other words, when you are using the Service we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
• We collect Personal Information which you provide us voluntarily. We collect Personal Information required to operate the Service when you or the Customer’s administrator registers and opens an account. In addition, we collect your Personal Information, which may be considered as personally identifiable, whether you provide us such information by entering it manually or via a Customer. We also collect Personal Information entered voluntarily by a Customer administrator.
C. Why do we collect such Data?
Data you give to us:
We will use this Data only to provide the Services including by:
• carrying out our obligations arising from any contracts entered into between you and HiBob and/or any contracts entered into between a Customer and HiBob and to provide you with the information, products and Services that you request from HiBob;
• administering your account with HiBob;
• verifying and carry out financial transactions in relation to payments you make in connection with the Service;
• notifying you about changes to our Service;
• contacting you for the purpose of providing you with technical assistance and other related information about the Service;
• replying to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
We may combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
D. Sharing Data gathered through Bob with third parties
We may give your Data to:
Members of our Group
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
Our selected third parties may include:
• business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing IT and other support services or in other tasks, from time to time. These third parties will only use your information to the extent necessary to perform their functions;
• analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy (this will not identify you as an individual) and data processors who process your personal data on our behalf and in accordance with our instructions and applicable data protection law. A full list can be seen below:
Amazon – Infrastructure and backups- https://aws.amazon.com/privacy/
Heroku- Infrastructure (Server platform)- https://www.heroku.com/policy/security – https://www.heroku.com/policy/privacy
LogDNA- App logs- https://logdna.com/privacy
Papertrail- App logs- https://papertrailapp.com/info/privacy
Rollbar- Error tracking in the app- https://rollbar.com/privacy/
Stripe- Payment (Credit Cards)- https://stripe.com/us/privacy/
Gocardless (not a part of the Bob Platform)- Payment (Non credit card)- https://gocardless.com/legal/privacy/
Intercom- Customer support platform- https://www.intercom.com/terms-and-policies#privacy
Salesforce- CRM- https://www.salesforce.com/company/privacy/
Mailchimp (not a part of the Bob Platform)- communication emails- https://mailchimp.com/legal/privacy/
WPEngine (not a part of the Bob Platform)- Communication emails- https://wpengine.com/legal/privacy/
Leadfeeder (not a part of the Bob Platform)-Communication email- https://www.leadfeeder.com/privacy/
Google analytics- General statistics- https://www.google.com/intl/en/policies/privacy/
• pension plan providers and other insurance related employee benefits which may be made available to you through the Service, for the purpose of preparing proposal forms in respect of any pension or other insurance related employee benefit as you may direct, only upon Customer’s request and under a separate agreement between Customer and such provider;
• independent financial advisor in connection with the provision of a third-party pension plan provider;
We may disclose your personal information to third parties:
• If Hi Bob’s all or substantially all of its assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Hi Bob, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
For avoidance of doubt, Hi Bob may transfer and disclose Non-Personal Information to third parties at its own discretion.
E. Where do we store your data?
The Data we collect is hosted on the Amazon Cloud in Ireland and Frankfurt which provides advanced security features and is compliant with ISO 27001 standard.
Hi Bob headquarter is based in Israel which is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.
In addition to the above, the Data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) that may not be subject to equivalent Data protection laws, only upon Customer’s approval in a manner agreed between HiBob and the Customer.
We may transfer your personal data outside of the EEA, in order to:
• Store or backup the information;
• Enable us to provide you with the Services and fulfil our contract with you;
• Fulfil any legal obligations which require us to make that transfer;
• Facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
F. Modification or deletion of personal information gathered through Bob™
Data stored through Bob is inherently dynamic and may contain errors and omissions. If for any reason you wish to modify your Personal Information you may do so on through Bob by editing the relevant data that needs to be modified. Please note that certain data cannot be edited without the Controller’s consent such as data related to your engagement with your employer (job title, start date, salary related details, work status and termination etc.). In order to delete your Personal Information completely please contact the Controller.
Hi Bob is a mere processor of data and is not the data owner or Controller. As such Hi Bob may not be able to delete your information without Controller’s authorization. Each User hereby agree and confirm the Hi Bob shall not have any liability or responsibility in connection with actions taken in accordance with Controller’s instructions.
End Users may have a legal right under certain applicable laws (for instance if the End User is an E.U. citizen) to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes.
If, for any reason, an End User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined below) (e.g. Hi Bob’s Customer, your employer). The Controller shall perform the necessary process to identify the End User as a End User who has a the right to retrieve the specific information and then furnish to Hi Bob the data required to be amended, deleted or retrieved together with a specific identification of the End User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to Hi Bob’s servers (IP address is not enough for an identification of End User or data)). Hi Bob cannot retrieve data without a specific identification of End User by the Customer. Hi Bob may not be able to delete, amend or retrieve End User’s information without the Controller’s instructions and authorization.
Please note that Personal Information may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Information, depending on technical commercial capability. Such information may continue to be used by Hi Bob for the purpose of operating the Service.
For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed below and we shall make efforts to respond and support your request.
G. Data retention – Bob
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Hi Bob shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Hi Bob’s trade secrets (Customer’s personnel may be required to executed a non-disclosure agreements).
Hi Bob will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Bob is backed up for system continuity purposes and each backup file may be stored for 30 days.
Each User must keep the appropriate backup of its data. Hi Bob shall not be responsible for any deletion of data or for any breach to database or for any erroneous data unless otherwise agreed with its Customer.
After a (i) request from the Controller to delete any data or (ii) a deletion of data from the Bob’s interface; (iii) termination of an employee account or an organization from the Bob system, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once begun, this process cannot be reversed and data will be permanently deleted. Some data will not be deleted and shall be kept in an anonymized manner.
Type of Data -Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration
User names- 30 days
Documents- 30 days
Backups- 30 days
Logs- 30 days
Archived Documents- 30 days
Search- 30 days
Log data in Analytics Platform- 30 days
Log data for logins- 24 months
Similarly, Hi Bob collects and retains metadata and statistical information concerning the use of the Service which are not subject to the deletion procedures in this policy and may be retained by Hi Bob for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information.
Customer may retain Personal Information and other Data about an End User which the Controller owns and the End User may have no access to. If you have any questions about the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer. You hereby agree not to assert any claim against Hi Bob this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information.
H. Cookies & local storage
When you access or use the Service, Company may use industry-wide technologies such as “cookies” or similar technologies, which stores certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. The cookies used by the Service are created per session and does not include any information about you, other than your session key (usually removed as your session ends but sometimes can be kept in your device for no more than 6 months) and the ability to login again quickly. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience with the Service may be limited.
Hi Bob uses secured Cookies. That means a cookie with a secured flag which can only be transmitted over an encrypted connection. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
We use the following types of Cookies:
• Strictly necessary cookies. These are cookies that are required for the operation of our Site and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our Service.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us for our legitimate interests of improving the way our Service works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our Site. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, your choice of language or region).
The effect of disabling cookies depends on which cookies you disable but, in general, the Service may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to use our Services.
If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use.
Further details on how to disable cookies can be found here:
Internet Explorer – http://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
Google Chrome – https://support.google.com/chrome/answer/95647?hl=en
Firefox – https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari – http://help.apple.com/safari/mac/8.0/#/sfri11471
Except for essential cookies, all cookies used on our site will expire at the end of the session
I. Security and storage of information
We take a great care in implementing, enforcing and maintaining the security of the Service, and our Users’ Personal Information. Hi Bob implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis. Hi Bob is certified under the ISO 27001:2013, ISO 27018:2014 and SOC2 Type 2.
The Personal Information is hosted on the Amazon Cloud in Ireland and Frankfurt which provides advanced security features and is compliant with ISO 27001 standard, among other certifications, as listed here: https://aws.amazon.com/compliance/. All Personal Information is stored with logical separation from information of other customers. However, we do not guarantee that unauthorized access will never occur.
Hi bob shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by bob on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, Hi Bob undertakes to co-operate with Customer in investigating and remedying any such security breach. In any security breach involves Personal Information, Hi Bob shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.
Hi Bob maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security.
The Service may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites.
J. Offers from Customers to End Users
If Customer chooses to and instruct Hi Bob in writing, Hi Bob may send commercial on behalf of the Customer materials to End Users. Each End User hereby agree that Hi Bob may use contact details for the purpose of informing regarding products and services which may interest the End Users and were pre-approved by Customer. Upon Customer’s prior written consent, Hi Bob may use End User’s information to tailor advertisements to suit your interests and needs. You may withdraw your consent in accordance with the Controller’s policies by giving the Controllers notice to that effect. Controller shall be responsible to hold all required consent to such communication and shall inform End Users of their rights in such cases (including the right to redraw consent in certain cases).
E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
We do not knowingly collect or solicit information or data from children under the age of 16 or knowingly allow children under the age of 16 to register for the Hi Bob Service. If you are under 16, do not register or attempt to register for any of the Hi Bob Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Information or Personal Data from a child under the age of 16, we reserve the right to delete that Personal Information or Personal Data as soon as reasonably practicable without any liability to Hi Bob from any User. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: email@example.com as soon as possible.
L. Questions, contact information and complaints
Please do not hesitate to contact us:
firstname.lastname@example.org or 972-73-2652599.
You can contact our DPO (Kobi Afoota) also at: email@example.com or at: 3 Soncino St. Tel Aviv 6721603
Last Revised: March 15, 2018