We respect your Privacy
All our activities follow the EU GDPR law strictly. As a certified ISO 27001 company all our activities follow safety and security guidelines.
Last update: 6th April 2023.
Harry HR – ITéaal Beheer BV offers a platform – including tools and applications – commercialised as “Harry HR” which provide the means to measure and improve Employee Experience. We do so by giving all employees a voice within their organization by the Harry HR Experience app for Employees and Dashboard for Leaders.
Harry HR – ITéaal Beheer BV understands the importance of protecting Personal Information and the eventual impact data leaks can mean for our customers. Therefor we’ve shaped have business procedures and security safeguards. All to protect your and your employees and organizations Sensitive Organizational and/or Personal Information.
Application and Scope
How we look after your Data
Sensitive Organizational and/or Personal Information is defined as any information about an identifiable individual. This may include, for example, email addresses and contact details and any similar information provided to Harry HR in the course of its business operations, or which Harry HR may receive from business inquiries. Personal Information that is aggregated and/or de-identified or that cannot be associated with an identifiable individual is not considered to be Personal Information.
Harry HR complies with:
1. Data protection laws applicable to Harry HR (GDPR, EU-based and Hosted > the Netherlands)
2. Anti-spam legislation applicable to Harry HR
3. Applicable industry standards concerning data protection, confidentiality or information security.
Harry HR has global operations and therefore, in some cases, information managed by Harry HR may be transferred, processed and stored to other countries, although at all times Harry HR will ensure that Sensitive Organizational and/or Personal Information is protected by confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed our outsourced by Harry HR itself. We only transfer Sensitive Organizational and/or Personal Information to another country if this is ‘needed’. Regularly all our data is hosted and thereby stored within the Netherlands within phsyical seperated data centers.
Harry HR complies with this Policy as well as applicable Holland private sector data protection laws such as AVG.
Harry HR also complies with the General Data Protection Regulation (Regulation (EU) 2016/679). Where applicable, our commitment to such regulation may be found in our Data Processing Addendum. Harry HR (or third parties acting on Harry HR’s behalf) may transfer Sensitive Organizational and/or Personal Information that Harry HR collects to countries outside of the European Economic Area. Where such transfer occurs, Harry HR will take steps to ensure that Sensitive Organizational and/or Personal Information is protected.
Harry HR will make such transfers only if at least one of the following conditions are present:
Harry HR has entered into a contract based on the “Standard Contractual Clauses”, provided that such contract, combined with technical and organizational measures, offers appropriate safeguards for the rights of the individuals whose personal data is being transferred. Such transfer is governed by “Binding Corporate Rules”, which have been approved by data protection authorities. Or such transfer is covered by a European Union Commission “adequacy decision”.
Usage of your data through our services
When providing the Services, Harry HR only processes Sensitive Organizational and/or Personal Information in accordance with the Terms and applicable laws. Harry HR generally uses Sensitive Organizational and/or Personal Information from or about its Customers and Users for the following purposes:
– To create, establish and administer Customer’s Account(-s)
– To process payments, to respond to Customer’s inquiries related to its account and to contact Customer about Harry HR’s Services or account-related matters
– To provide Services, including to provide Customer and its Users with access and use of the Harry HR (EXP) Platform and customer support
– To manage and develop Harry HR’s business and operations
– To measure and analyze User behavior
– To monitor, maintain and improve Harry HR’s Services, Products, Website and Marketing or any other features
– To understand how Users interact with Harry HR and ensure our services, products or features work correctly
– To develop new services, products, features, programs and promotions
– To understand Customers and Users’ needs and preferences and customize how we tailor and market products, programs and Services to our Customers and Users based on their interest and usage
– To meet legal and regulatory requirements and to allow Harry HR to meet contractual requirements relating to the Services provided to Customer
– To conduct surveys on the quality of Harry HR’s Services and/or Products or to collect feedbacks on the Services
– To provide Customer with offers for additional services, features and products that Harry HR believes may be of interest to Customer
– To conduct market or benchmarking research and data analytics by tracking and analyzing current or previously collected Sensitive Organizational and/or Personal Information
– To measure the effectiveness of our marketing and sales operations
When and if possible, Harry HR will use Sensitive Organizational and/or Personal Information in an aggregated and/or de-identified format.
Unless required or authorized by law, Harry HR will not use Sensitive Organizational and/or Personal Information for any other or new purpose without obtaining prior consent of it’s Customer(-s).
Harry HR generally collects and uses Sensitive Organizational and/or Personal Information from or about its website Users as follows:
Information Provided by Users
In many cases, Harry HR collects Sensitive Organizational and/or Personal Information directly from Users when they visit or use the website.
Harry HR may collect Users’ name, function, organizationl unit and name, contact information, email address and any other information provided when Users make an inquiry, book a demo or contact Harry HR through the website.
When Users sign up to receive Harry HR’s newsletter or when Users submit a request or an order for an Harry HR trial or service.
When Users visit the website, they may, from time to time, be invited to provide information such as User’s title to help Harry HR personalize or customize the Users experience when using the website.
When Users visit the website, Harry HR may collect, using electronic means such as cookies, technical information. This information may include information about visits to the website, including the IP address of the Users’ computer and which browser was used to view the website, the Users’ operating system, resolution of screen, location, language settings in browsers, the site the User came from, keywords searched (if arriving from a search engine or similar), the number of page views, information entered, advertisements seen, etc.
This data is used to measure and improve the effectiveness of the website or enhance the experience for Users. While most of the time this information is depersonalized, if this information relates to an identifiable individual, Harry HR will treat this information as Sensitive Organizational and/or Personal Information.
Harry HR may also, without limitations, collect and use the following type of information when Users visit and/or interact with Harry HR on the website:
– Google Analytics: Harry HR uses Google Analytics which allows it to see information on User website activities including, but not limited to, page views, source and time spent on our website. This information is depersonalized and is displayed as numbers, meaning that it cannot be tracked back to individuals. Users may opt-out of Harry HR’s use of Google Analytics by visiting the Google Analytics opt-out page.
– HubSpot: Harry HR uses HubSpot which allows it to see information on User website activities including, but not limited to, page views, source and time spent on our website. However, this information is not depersonalized and Users may not opt-out of Harry HR’s use of HubSpot.
– Google AdWords: Harry HR uses Google AdWords Remarketing to advertise Harry HR across the Internet and to advertise on third party websites (including Google) to previous visitors of the website. AdWords remarketing will display ads to Users based on what parts of the Harry HR website they have viewed by placing a cookie on the Users’ web browser. It could mean that Harry HR advertises to previous visitors who haven’t completed a task on the site or this could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. This cookie does not in any way identify the User or give access to the Users’ computer or mobile device. The cookie is only used to indicate to other websites that the User has visited a particular page on the website, so that they may show the User ads relating to that page. If Users do not wish to participate in Google AdWords Remarketing, they can opt out by visiting Google’s Ads Preferences Manager.
Harry HR may also allow a limited number of trusted third parties to install cookies from the website. The website may include third-party advertising and links to other websites which may be used to generate personalized advertisements. Personalized ads, sometimes referred to as interest-based or behavioral ads, are ads based upon information about Users, such as page views on the website, information requests or purchases on the website. Harry HR does not provide any Sensitive Organizational and/or Personal Information to advertisers or to third party sites that display interest-based ads on the website. However, advertisers and other third-parties (including the ad networks, ad-serving companies, and other service providers we may use) may assume that Users who interact with or click on a personalized ad or content displayed on the website are part of the group that the ad or content is directed towards.
Choice with Cookies
Privacy Policies of other Websites
This Policy only addresses the use and disclosure of information by Harry HR. Other websites that may be accessible through the website have their own privacy policies and data collection, use and disclosure practices.
Personal Information from Other Sources
Harry HR may obtain from third parties additional Sensitive Organizational and/or Personal Information about a website User if such User gave permission to those third parties to share its information.
Sharing of Sensitive Organizational and/or Personal Information
Harry HR will not sell, rent or trade Personal Information to any third party. However, Harry HR may share Sensitive Organizational and/or Personal Information when authorized and/or required by law or as follows:
Within Harry HR
We may share Sensitive Organizational and/or Personal Information within Harry HR (i.e. between our affiliates and subsidiaries) in the Netherlands for the purposes described within this Policy.
Harry HR may grant access to Sensitive Organizational and/or Personal Information to third-party service providers in connection with the performance or the improvement of its website and Services. Before sharing any Sensitive Organizational and/or Personal Information with any of its third-party service providers, Harry HR will ensure that the third party maintains reasonable data management practices for maintaining the confidentiality and security of Sensitive Organizational and/or Personal Information and preventing unauthorized access.
As Permitted or Required by Law
Harry HR may disclose Sensitive Organizational and/or Personal Information as required by applicable law or by proper legal or governmental authority. Harry HR may also disclose information to its accountants, auditors, agents and lawyers in connection with the enforcement or protection of its legal rights. Harry HR may also release certain Sensitive Organizational and/or Personal Information when it has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property or safety of others and itself, in accordance with or as authorized by law.
In the event Harry HR receives a governmental or other regulatory request for any Sensitive Organizational and/or Personal Information, Harry HR will promptly notify Customer, unless it is prohibited to do so, in order that Customer shall have the option to defend such action. Harry HR shall reasonably cooperate with Customer in such defense.
Harry HR may disclose Sensitive Organizational and/or Personal Information to a third party in connection with a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of our business. However, in the event the transaction is completed, Personal Information will remain protected by applicable data protection laws. In the event the transaction is not completed, Harry HR will require the other party not to use or disclose the Sensitive Organizational and/or Personal Information received in any manner whatsoever and to delete such Sensitive Organizational and/or Personal Information.
Security and Safety Program
Harry HR will store and process the Sensitive Organizational and/or Personal Information in a manner consistent with industry security standards, and as long as necessary for the purposes described in this Policy, unless a longer retention is required by law.
Harry HR has implemented technical, organizational and administrative systems, policies, and procedures to help ensure the security, integrity and confidentiality of Sensitive Organizational and/or Personal Information and to mitigate the risk of unauthorized access to or use of Sensitive Organizational and/or Personal Information, including:
1. Appropriate administrative, technical and physical safeguards and other security measures designed to ensure the security and confidentiality of the Sensitive Organizational and/or Personal Information it manages
2. A security design intended to prevent any compromise of its own information systems, computer networks or data files by unauthorized Users, viruses or malicious computer programs
3. Appropriate internal practices including, but not limited to, encryption of data in transit; using appropriate firewall and antivirus software; maintaining these countermeasures, operating systems and other applications with appropriate reasonable up-to-date virus definitions and security patches so as to avoid any adverse impact to the Sensitive Organizational and/or Personal Information that it manages
4. Appropriate logging and alerts to monitor access controls and to assure data integrity and confidentiality
5. Permitting only authorized Users access to systems and applications, and all persons with authorized access to Sensitive Organizational and/or Personal Information must have a genuine business need-to-know prior to access (together, “Security and Safety Program”).
Our employees and internal training
Harry HR maintains adequate training programs to ensure that its employees and any others acting on its behalf are aware of and adhere to its Security and Safety Program.
Harry HR shall exercise necessary and appropriate supervision over its relevant employees to maintain appropriate confidentiality and security of the Sensitive Organizational and/or Personal Information it manages.
In case of an incident involving Sensitive Organizational and/or Personal Information Harry HR shall promptly notify Customer of a data breach, of a loss of data or of a failure of Harry HR’s Security and Safety Program:
1. Which has resulted or is suspected to have resulted in the loss, unauthorised access, disclosure, use or acquisition of Sensitive Organizational and/or Personal Information (including hard copy records)
2. Which, in Harry HR’s opinion, presents a real risk of significant harm to individuals whose Sensitive Organizational and/or Personal Information is impacted (“Data Incident”).
While the initial notice may be in a summary form, a comprehensive written notice shall be given to Customer within the legally required timeframe, where applicable. The notice shall summarize in reasonable detail the nature and scope of the Data Incident (including each data element type) and the corrective action taken or to be taken by Harry HR.
Harry HR shall promptly take all necessary and advisable corrective actions, and shall cooperate with Customer in all reasonable efforts to mitigate the adverse effects of Data Incidents and to prevent their recurrence.
Users legal rights
To the extent that Harry HR’s processing of Sensitive Organizational and/or Personal Information is subject to the General Data Protection Regulation (Regulation (EU) 2016/679), Harry HR relies on its legitimate interests, described above, which are not overridden by your data protection interests, to process Sensitive Organizational and/or Personal Information.
Subject to applicable laws, Users also have the right to:
1. Access and rectification or erasure of Sensitive Organizational and/or Personal Information, to the extent that Harry HR may need to retain certain Sensitive Organizational and/or Personal Information, including for record keeping purposes or to comply with legal obligations
2. Restrict or object to Harry HR’s use of Sensitive Organizational and/or Personal Information (though, in some cases, this may mean no longer using the Services or the website) where Harry HR is relying on a legitimate interest (or those of a related third party) and there is something about User’s particular situation which impacts on User’s fundamental rights and freedoms
3. Lodge a complaint with their local data protection authority
4. Users / Customers will not have to pay a fee to exercise such rights, however, Harry HR may charge a reasonable fee or refuse to comply if the request is unfounded, repetitive or excessive.
Reach out to us
Any questions, remarks or complaints regarding this Policy or Harry HR’s handling of Sensitive Organizational and/or Personal Information can be addressed by sending an email to firstname.lastname@example.org.
A User and/or Customer who seeks to exercise its data protection rights, in respect of Sensitive Organizational and/or Personal Information stored or processed by us on behalf of a Customer (e.g. the employer), must direct his/her query to such Customer, as being the data controller. If Harry HR receives such User’s request to exercise its data protection rights (including for access to or correction of Sensitive Organizational and/or Personal Information), Harry HR shall redirect the User to Customer and, upon request from Customer, shall assist Customer in responding to such request, if applicable.
Harry HR will review and update its policies and procedures as required to keep current with rules and regulations, new technologies, standards and customer concerns. This Policy may therefore change from time to time.
If Harry HR makes changes that materially alter Users privacy rights, Harry HR may provide additional notice, such as via email or through the Services or the website. If Users and/or Customers disagree with the terms of this Policy, their only remedy is to discontinue use of the websites and our services.