Hi Bob Limited (including its affiliates) (“Hi Bob”, “we”, “our” or the “Company”) respects the privacy of its Users and is committed to protecting the personal information that its Users share with it. We believe that you have a right to know our practices regarding the information we may collect and use when you use the Service or interact with us in any manner.
Hi Bob is a cloud-based web platform that enables organizations to manage their human resources and employee benefits including workplace pensions and other benefit arrangements, workplace risk benefits and related insurance (the “Service” or “Bob™”). Hi Bob also operates websites available among others at: www.hibob.com (the “Website”).
A User may be either an entity, for example an employer which has executed an agreement with Hi Bob or with Hi Bob’s resellers or distributors who provide Hi Bob’s services (“Customer”), or a Customer’s users of the Services, for example a Customer’s employees, or users of the Website (“End User(s)”) (Customer and End User shall collectively be referred to as “Users” or “you”).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of European Economic Area data protection law (the “Data Protection Law”), the data controller of the data processed through the Service is the Customer who makes available and permits End Users to access and use the Service or anyone on its behalf. For data retained through the Website or data processed not through the Service (i.e. contact details of potential customers or resumes sent to us from potential employees for the purpose of engagement with Hi Bob), Hi Bob is the controller (the “Controller”).
Categories of information and data we may collect from our Users.
Data we collect about you from your use of the Service and Website
Data you give us
This information may identify an individual or, in some cases if the Controller chose to, may be of a private and/or sensitive nature (only data processed through the Service).
Personal Information which is being gathered through the Service consists of any personal details provided consciously and voluntarily by a Customer, End User or the Customer’s administrator or through your use of the Bob platform. This may include your name (first and last), nickname, birthdate, gender, nationality, job title, phone number(s), date you first started working for your employer, department you work in, employee ID/national security number, address, country, city, postcode, family status, spouse’s and other dependents name, gender and birth date, your bank account details (bank name, account number, account type, SWIFT code, IBAN code, sort code, branch address), details regarding your salary and work (pay period, payment frequency, base salary, gross salary, overtime, bonuses, commissions, salary sacrifice, statutory payments such as sick, maternity/paternity leave, salary payment currency), credential regarding the right to work in your jurisdiction, tax code, equity, emergency contact details (name, relation, phone number(s), email address(es), city, country, post code), termination date, termination reason, probation end date, status in the system and in the workplace, IP address and other unique identifiers, User’s information relating to investment preferences and strategy, such as time horizon in connection with any investment plans, risk tolerance, net worth and desired filtering priorities for viewing investment choices from different financial service providers, information the Customer chooses to collect and other information User may choose to provide to Bob and to its employee.
Personal Information gathered not through the Service may include: contact details including first and last name, job title, phone number, email, address, information you decide to share with us in the forms available on the Website, other information regarding point of contact of potential customer derived from public resources (like LinkedIn™), your CV (if you choose to share it with us as part of your recruitment process with Hi Bob).
We will never sell your Personal Information to third parties (for more information see the Section titled: “Sharing Data gathered through Bob with third parties”).
You do not have any legal obligation to provide any information to Hi Bob; however, we require certain information in order to provide the Services. If you choose not to provide us with certain information, we may not be able to provide you with the Services. Login credentials (email and username) are required to have the Hi Bob system work properly. Contact details are required if you contact us through the Website (for instance to book a demo) in order for us to continue the communications with you. We may keep such Personal Information in a database which will be owned and controlled by the Controller.
Hi Bob may also collect the email addresses of people who communicate with Hi Bob via email or via messenger services or create accounts and login credentials.
By registering for a trial account on Hi Bob’s general website, Hi Bob will collect your name, company name, phone number and company email you provided. Hi Bob may use this information to offer Hi Bob’s services and support and to communicate with you about the Service and related offers.
Hi Bob may not be aware of the nature of the information collected through the Services. Such information may include Personal Information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Information”).
There are two main methods we use:
We collect Non-Personal Information through your use of our Service or Website. In other words, when you are using the Service we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
We collect Personal Information which you provide us voluntarily. We collect Personal Information required to operate the Service when you or the Customer’s administrator register and open an account. In addition, we collect your Personal Information, which may be considered as personally identifiable, whether you provide us such information by entering it manually or via a Customer. We also collect Personal Information entered voluntarily by a Customer administrator.
Data you give to us:
We will use this Data only to provide the Services including:
We may combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We may give your Data to:
Members of our Group
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
Our selected third parties may include: aggregated
A full list can be seen below:
Amazon, Infrastructure and backups, https://aws.amazon.com/privacy/
Heroku, Infrastructure (Server platform), https://www.heroku.com/policy/security, https://www.heroku.com/policy/privacy
LogDNA, App logs, https://logdna.com/privacy
Papertrail, App logs, https://papertrailapp.com/info/privacy
Rollbar, Error tracking in the app, https://rollbar.com/privacy/
Stripe, Payment (Credit Cards), https://stripe.com/us/privacy/
Gocardless (not a part of the Bob Platform), Payment (Non credit card), https://gocardless.com/legal/privacy/
Intercom, Customer support platform, https://www.intercom.com/terms-and-policies#privacy
Salesforce, CRM, https://www.salesforce.com/company/privacy/
Mailchimp (not a part of the Bob Platform), communication emails, https://mailchimp.com/legal/privacy/
WPEngine (not a part of the Bob Platform), Communication emails, https://wpengine.com/legal/privacy/
Leadfeeder (not a part of the Bob Platform), Communication email, https://www.leadfeeder.com/privacy/
Google analytics, General statistics, https://www.google.com/intl/en/policies/privacy/
Pendo, General statistics, product guidance and surveys, https://www.pendo.io/privacypolicy/, https://www.pendo.io/support/trust/
Other service providers may be used in order to process data in accordance with this Policy for processing information gathered through the Website (not through the Service) for contact management, statistics, payment processing etc. For a list of sub-processors processing contact details and information from the Website, please contact us.
We may disclose your personal information to third parties:
For avoidance of doubt, Hi Bob may transfer and disclose Non-Personal Information to third parties at its own discretion. We may process Personal Information to make it anonymized and aggregated per the Controller’s instructions to provide the Controller certain features and services (for instance benchmarking and analytics services). Users may opt out from any processing of data to make Personal Information aggregated for statistical or benchmarking purposes, either through the Platform or by contacting Hi Bob via the email detailed below (subject to Controller’s instructions and applicable law). Any aggregated data shall belong to Hi Bob provided it is completely anonymized, cannot identify any person or be reversed to be considered Personal Information again. Hi Bob may make such non-personal information publicly available or combined with other information provided no such data may identify a person, a customer or be reversed to be considered Personal Information again.
The Data we collect is hosted on the Amazon Cloud in Ireland and Frankfurt which provides advanced security features and is compliant with ISO 27001 standard.
Hi Bob’s headquarters is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.
In addition to the above, the Data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) that may not be subject to equivalent Data protection laws, only upon Customer’s approval in a manner agreed between HiBob and the Customer.
We may transfer your personal data outside of the EEA, in order to:
Data stored through Bob is inherently dynamic and may contain errors and omissions. If for any reason you wish to modify your Personal Information you may do so through Bob by editing the relevant data that needs to be modified. Please note that certain data cannot be edited without the Controller’s consent, such as data related to your engagement with your employer (job title, start date, salary related details, work status and termination etc.). In order to delete your Personal Information completely please contact the Controller.
Hi Bob is a mere processor of data processed through the Service and is not the data owner or Controller. As such, Hi Bob may not be able to delete your information without Controller’s authorization. Each User hereby agrees and confirms that Hi Bob shall not have any liability or responsibility in connection with actions taken in accordance with Controller’s instructions.
End Users may have a legal right under certain applicable laws (for instance if the End User is an E.U. citizen) to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes.
If, for any reason, an End User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined below) (e.g. Hi Bob’s Customer, your employer). The Controller shall perform the necessary process to identify the End User as an End User who has the right to retrieve the specific information and then furnish to Hi Bob the data required to be amended, deleted or retrieved together with a specific identification of the End User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to Hi Bob’s servers (IP address is not enough for an identification of End User or data)). Hi Bob cannot retrieve data without a specific identification of End User by the Customer. Hi Bob may not be able to delete, amend or retrieve End User’s information without the Controller’s instructions and authorization.
Please note that Personal Information may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Information, depending on technical commercial capability. Such information may continue to be used by Hi Bob for the purpose of operating the Service.
For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed below and we shall make efforts to respond and support your request.
Data retention – Bob
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Hi Bob shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Hi Bob’s trade secrets (Customer’s personnel may be required to execute a non-disclosure agreement).
Hi Bob will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Bob is backed up for system continuity purposes and each backup file may be stored for 30 days.
Each User is responsible for keeping the appropriate backup of its data. To the extent possible under applicable laws, Hi Bob shall not be responsible for any deletion of data or for any breach to database or for any erroneous data unless otherwise agreed with its Customer.
After (i) a request from the Controller to delete any data; (ii) a deletion of data from Bob’s interface; or (iii) termination of an employee account or an organization from the Bob system, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once begun, this process cannot be reversed and data will be permanently deleted. Some data will not be deleted and shall be kept in an anonymized manner.
Type of Data – Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration
Usernames – 30 days
Documents – 30 days
Backups – 30 days
Logs – 30 days
Archived Documents – 30 days
Search – 30 days
Log data in Analytics Platform – 30 days
Log data for logins – 24 months
Similarly, Hi Bob collects and retains metadata and statistical information concerning the use of the Service for the purpose of providing its services, which are not subject to the deletion procedures in this policy and may be retained by Hi Bob for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information.
Customer may retain Personal Information and other Data about an End User which the Controller owns and the End User may have no access to. If you have any questions about the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer. You hereby agree not to assert any claim against Hi Bob in this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information.
Anonymized aggregated data may be retained by Hi Bob for as long as it is required to provide its services. Contracts and billing information may be retained as required by Hi Bob but at least 7 years from termination or expiration of the relationship with the applicable Customer or party.
Cookies & local storage
When you access or use the Service, Company may use industry-wide technologies such as “cookies” or similar technologies, which store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. The cookies used by the Service are created per session and do not include any information about you, other than your session key (usually removed as your session ends but sometimes can be kept in your device for no more than 6 months) and the ability to login again quickly. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience with the Service may be limited.
Hi Bob uses secured Cookies. That means a cookie with a secured flag which can only be transmitted over an encrypted connection. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
We use the following types of Cookies:
The effect of disabling cookies depends on which cookies you disable but, in general, the Service may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to use our Services.
If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies can be found here:
Internet Explorer – http://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
Google Chrome – https://support.google.com/chrome/answer/95647?hl=en
Firefox – https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari – http://help.apple.com/safari/mac/8.0/#/sfri11471
Except for essential cookies, all cookies used on our site will expire at the end of the session.
Security and storage of information
We take great care in implementing, enforcing and maintaining the security of the Service, and our Users’ Personal Information. Hi Bob implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitors compliance with such policies on an ongoing basis. Hi Bob is certified under the ISO 27001:2013, ISO 27018:2014 and SOC2 Type 2.
The Personal Information is hosted on the Amazon Cloud in Ireland and Frankfurt which provides advanced security features and is compliant with ISO 27001 standard, among other certifications, as listed here: https://aws.amazon.com/compliance/. All Personal Information is stored with logical separation from information of other customers. However, we do not guarantee that unauthorized access will never occur.
Hi Bob shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by Bob on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it, subject to applicable law and instructions from any agency or authority. Furthermore, Hi Bob undertakes to co-operate with Customer in investigating and remedying any such security breach. If any security breach involves Personal Information, Hi Bob shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.
Hi Bob maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security.
The Service may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites.
Offers from Customers to End Users
If Customer chooses to and instructs Hi Bob in writing, Hi Bob may send commercial materials on behalf of the Customer to End Users. Each End User hereby agrees that Hi Bob may use contact details for the purpose of informing regarding products and services which may interest the End Users and were pre-approved by Customer. Upon Customer’s prior written consent, Hi Bob may use End User’s information to tailor advertisements to suit your interests and needs. You may withdraw your consent in accordance with the Controller’s policies (and in cases where Hi Bob is the Controller such as in connection with Data collected from the Website but not from the Service, in accordance with this Policy) by giving the Controllers notice to that effect. Controller shall be responsible to hold all required consent to such communication and shall inform End Users of their rights in such cases (including the right to withdraw consent in certain cases).
Information we collect outside the Service
We may collect information provided to us by job candidates (“Applicants”) when they apply to a position in our super great company. Hi Bob welcomes all qualified Applicants to apply to any of the open positions by sending us their contact details and CV (“Applicants Information”). Applicants Information will be maintained, processed and stored in Israel, UK and in the applied position’s location(s), and as necessary, in secured cloud storage provided by our Third-Party Services. We are committed to keep Applicants Information private and use it solely for our internal recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, background checks on Applicants and contacting Applicants by phone or in writing). Please note that Hi Bob may retain Applicants Information submitted to it even after the applied position has been filled or closed so we can re-consider Applicants for other positions and opportunities and in case the Applicant is hired, for additional employment and business purposes related to his/her work. If you previously submitted your Applicants Information to Hi Bob, and now wish to access it, update it or have it deleted, please contact us at: firstname.lastname@example.org. We will be happy to assist in any manner.
Requests Through the Website and Commercial Offers (Not applicable for Customers)
E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
Privacy Commitment to California Residents
If you are a resident of California, California Civil Code Section 1798.83 may, in certain circumstances, permit you to request information regarding the disclosure of your personal information by Hi Bob to a third party for that party’s direct marketing purposes. This right granted to California residents applies only to their activities within the State of California. To make such a request, please contact us at: email@example.com.
We do not knowingly collect or solicit information or data from children under the age of 16 or knowingly allow children under the age of 16 to register for the Hi Bob Service. If you are under 16, do not register or attempt to register for any of the Hi Bob Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Information or Personal Data from a child under the age of 16, we reserve the right to delete that Personal Information or Personal Data as soon as reasonably practicable without any liability to Hi Bob from any User. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: firstname.lastname@example.org as soon as possible.
EU-US Privacy Shield
HiBob Inc. participates in and has certified its compliance with the E.U.-U.S. Privacy Shield Framework. HiBob, Inc. is committed to subjecting all personal data received from European Union (E.U.) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov/list.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, HiBob Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, HiBob may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You can direct any questions or complaints about the use or disclosure of your E.U. Personal Data to email@example.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your E.U. Personal Data within 30 days of receiving your complaint. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. HiBob Inc. is committed to cooperate with a relevant panel established by the EU data protection authorities and Information Commissioner, as applicable, and comply with the advice given by such panel or commissioner with regard to data transferred from the EU.
Questions, contact information and complaints
Last Revised: February 5th, 2019
Please do not hesitate to contact us:
firstname.lastname@example.org or 972-73-2652599.
You can contact our DPO (Kobi Afoota) also at: email@example.com or at: 28 Ben Avigdor St., Tel Aviv 6721848.