Visitor is an individual who has reached the age of majority and by their actions can acquire civil rights for themselves and exercise them independently, as well as to create civic duties for themselves, to perform them independently and to bear responsibility if they are not fulfilled, who visited the Site for informational purposes without Acceptance of the public offer.
HelpCrunch (hereinafter referred to as “HelpCrunch”, “we”, “us”) is represented by the HelpCrunch Corporation, registered at: 721 Colorado Avenue, Suite 101 Palo Alto, CA USA 94303, which owns all HelpCrunch Services, as well as the Site, on the basis of private property rights and provides organizational, financial, technical support for the existence and functioning of the HelpCrunch and its Site.
Parties – HelpCrunch and Users (Visitors).
HelpCrunch Services – a complex of HelpCrunch assets, including:
(a) Websites with domain names: helpcrunch.com, docs.helpcrunch.com, blog.helpcrunch.com as well as any other inheritable URLs, mobile or localized versions of websites, other domains and subdomains of HelpCrunch websites;
(b) All products, applications or services provided to Users at the moment or in the future;
(c) All mobile applications and services provided by HelpCrunch at the moment or in the future.
General Data Protection Regulation (hereinafter referred to as – “GDPR”) is the Regulation (EU) 2016/679 of the European Parliament and of the Council from 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal data is any factual information that allows identifying a person. Such information includes, but is not limited to, a name, location, online identifier, IP addresses, cookies and/or localStorage/sessionStorage, date and time of the query, time zone, access status/HTTP status code, volume of data transferred, website from which a request comes, browser (or other software/application allowing access to HelpCrunch Services), operating system and its interface, language and version of the browser software, name, email, API tokens, billing information.
1. General conditions
1.3. HelpCrunch provides services to Users that have reached the age of majority, are able to acquire civil rights for themselves and exercise them independently.
1.4. HelpCrunch encompasses two legal statuses stipulated by the GDPR:
(a) Data controller;
(b) Data processor.
1.5. In regard to Users of the HelpCrunch Services, we have the legal status of both Data Controller and Data Processor. Information about individuals connected to Users is collected and processed by HelpCrunch strictly in a storage form. HelpCrunch Users serve as Data Controllers in regard to such individuals.
1.6. In relations between Users and third parties, where HelpCrunch Services are used, we have the legal status of Data Processor.
1.9. We provide the Service Level Agreement (SLA), which contains a detailed description of the provided services, including a list of quality parameters, reliability of HelpCrunch Services, methods and means of their control, the response time of HelpCrunch to the request from a User, as well as other significant conditions which are inherent for this kind of agreements - only upon the request from a User, submitted via HelpCrunch chat or via email (firstname.lastname@example.org).
2. HelpCrunch data processing principles
2.1. Personal data is legitimately, fairly and transparently processed by HelpCrunch in respect of any User.
2.2. The processing of User's personal data is carried out only in the case and only for the purposes which this data is collected for.
2.3. Users' personal data must be consistent with, be relevant to and limited by the purpose of HelpCrunch Services use, for which such data is processed.
2.4. Personal data of a User, used by HelpCrunch is accurate and up-to-date. Obsolete and inaccurate data is corrected or deleted by HelpCrunch.
2.5. We conduct regular audits in order to clean our User database. We store User information for a certain period of time, as it is justified by commercial or legal purposes.
2.6. We process personal data in such a way as to ensure a proper protection of personal data, including protection from unauthorized or illegal processing, as well as from accidental loss, destruction or damage, using suitable technical or organizational measures.
3. Purposes of data collection and processing
3.1. Processing of User’s personal data is carried out by HelpCrunch only if a User has agreed to process their personal data for one or several specific purposes.
3.2. Processing of User’s personal data is performed by HelpCrunch in order to:
(a) Identify a User in the relationships between HelpCrunch and the User;
(b) Provide a number of services offered within HelpCrunch Services to a User;
(c) Conduct statistical and other studies based on de-identified User data.
3.3. In cases when HelpCrunch acts as a Data Processor, data about third parties that interact with a User, shall be collected solely for the purpose of storage and processing by HelpCrunch (including, but not limited to validation, sorting, summarization, aggregation, analysis, reporting, classification).
4. User rights
4.1. User has the right to obtain a confirmation from HelpCrunch as to whether or not their personal data is being processed (‘right to be informed’), and if so, where to access their personal data and the following information:
(a) The purposes of processing;
(b) The categories of personal data;
(c) Recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular, recipients from non-EU countries or international organizations;
(d) Where possible, a supposed period of time for which the personal data will be stored, or, if not possible, the criteria used to determine such period;
(e) The existence of the right to rectification or erasure of the personal data or restriction of processing of the personal data;
(f) The right to lodge a complaint with a supervisory authority;
(g) The existence of an automated decision-making process, including profiling, mentioned in Articles 22(1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for a User.
4.2. Where personal data is transferred to a non-EU country or to an international organization, a User shall have the right to be informed of the appropriate safeguards related to the transfer in correspondence to the Article 46 of GDPR.
4.3. Upon request from a User, we shall provide a copy of personal data that is being processed. For any further copies requested by a data subject, we may charge a reasonable fee based on the administrative costs. Where a data subject makes a request by electronic means, and unless requested otherwise by a data subject, information shall be provided in a commonly used electronic form.
4.4. User has the ‘right to rectification’ that means that the User has the right to obtain from HelpCrunch, without undue delay, the rectification of inaccurate personal data of the User. Taking into account the purposes of the processing, a data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.5. User has the right to erasure (‘right to be forgotten’). We are obliged to erase User’s personal data without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) Personal data is no longer necessary in regards to the purposes for which it was collected or otherwise processed;
(b) User withdraws a consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of GDPR, and where there is no other legal ground for the processing;
(c) User objects to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR;
(d) Personal data have been unlawfully processed;
(e) Personal data have to be erased for compliance with a legal obligation in Union or Member State law to which HelpCrunch applies;
(f) Personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.
4.6. Where the controller has made personal data public and is obliged pursuant to paragraph 1 of GDPR to erase the personal data, HelpCrunch, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers, that are processing the personal data, that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
4.7. User has the right to restrict their personal data processing where one of the following applies:
(a) The accuracy of the personal data is contested by the data subject, for a period enabling HelpCrunch to verify the accuracy of the personal data;
(b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) HelpCrunch no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) User has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of HelpCrunch override those of the data subject
4.10. Where processing has been restricted under paragraph 1 of the GDPR pending the verification whether the legitimate grounds of HelpCrunch override those, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
4.11. User who has obtained restriction of processing pursuant to paragraph 1 of the GDPR shall be informed by HelpCrunch before the restriction of processing is lifted.
5. Terms of personal data processing and transferring it to third parties
5.1. We take all necessary measures to protect the personal data of a User from unauthorized access, modification, disclosure or destruction.
5.2. We grant access to personal data about Users only to third parties to whom this information is necessary to ensure the functioning of HelpCrunch Services and for the purpose of providing services to a User.
5.3. Personal data about Users is encrypted using Transport Layer Security (TLS) technology to protect transactions and prevent unauthorized access to personal information.
5.4. We have the right to use the information provided by Users, including personal data, in order to ensure compliance with the requirements of the relevant current legislation of the United States of America (and also to prevent and / or suppress illegal and / or unlawful actions by Users). Disclosure of the information provided by Users can be fulfilled only in accordance with the current legislation of the United States of America at the request of the court, the request of law enforcement bodies, as well as in other cases as required by the law of the United States of America.
5.5. In the event of a leak/breach/discredit of personal data, we are obliged to bring this fact to the attention of the relevant authorities, no later than 72 hours after we became aware of such a leak/breach/discredit.
5.6. The transfer of personal data to a third country or international organization is possible and allowed if the European Commission ("the Commission") has decided that a third country, territory or one or more of these sectors within this third country or international organization, provide an adequate level of protection of personal data (hereinafter - "Decision on sufficiency").
5.7. In the absence of a Decision on sufficiency, we should take measures to compensate for the lack of data protection in a third country by providing appropriate guarantees to Users given that effective methods of legal protection of User’s rights are available, including:
(a) A legally binding and enforceable document between the state authorities of the respective countries;
(b) Mandatory corporate rules approved by the competent supervisory authority;
(c) Provisions on standard data protection adopted by the Commission;
(d) Provisions on standard data protection adopted by the supervisory authority and approved by the Commission;
(e) The approved code of conduct, together with the compulsory and enforceable obligations of the controller in the third country, will apply appropriate safeguards, including with respect to the rights of Users;
(f) The approved certification mechanism, compiled with the compulsory and enforceable obligations of the controller in a third country, to apply appropriate safeguards, including with respect to the rights of Users.
5.8. In the absence of a decision on sufficiency or due guarantee, the cross-border transfer of personal data may be carried out only under one of the following conditions:
(a) User directly agreed with the proposed transfer after being informed of the possible risks of such transmissions to the data subject due to a lack of a Decision on sufficiency and related guarantees;
(b) Transfer is necessary for a contract between a User and the Controller or the implementation of pre-contractual measures taken at the request of the data subject;
(c) Transfer is necessary to conclude or execute a contract concluded in the interests of a User between the Controller and another natural or legal person;
(d) Transfer is necessary for important reasons in the public interest;
(e) Transfer is necessary for the establishment, implementation or protection of claims under the lawsuit;
(f) Transfer is necessary to protect the vital interests of User or other persons if a User is physically or legally incapable of giving consent.
6. Terms of service
6.1 Users by using HelpCrunch Services, confirm that:
(a) They have all the necessary rights that allow them to acquire civil rights for themselves and to implement them independently, as well as the ability to create civic duties for themselves, to fulfill them independently and to bear responsibility if they are not fulfilled;
(b) They indicate accurate information about themselves in the relevant form to use HelpCrunch Services; Required fields for further offering HelpCrunch Services are marked in a special way - by the symbol "*", all other information is provided by Users at their own discretion;
(e) By using HelpCrunch Services, they agree to receive periodic e-mail messages about HelpCrunch updates.
6.2. HelpCrunch is a SaaS (Software as a Service). Based on this, Users agree with the recurring monthly / annual payments and with using HelpCrunch Services until the account deletion / cancellation.
6.3. Users have the right to receive personal data about themselves, that they provided HelpCrunch with, and also have the right to transfer this data to other individuals, without interference from HelpCrunch.
6.4. Users have the right to object to certain types of processing of their personal data - direct marketing, processing for the purpose of protecting legitimate interests, as well as data processing for research or statistical purposes.
6.5. Please review our General Terms of Service applicable to Use of HelpCrunch Services.
7. Personal data change and deletion
7.1. Users are allowed to change (update, supplement) their personal information or a part of it at any time, as well as privacy settings, by sending a request to HelpCrunch via chat or email ( email@example.com).
7.2. Users are allowed to delete their personal information or a part of it at any time, in order to avoid its distribution or transfer to third parties.
7.3. We have the right to delete personal information of any User if it’s no longer needed for the purposes for which it was collected, and, in the absence of other grounds for their storage, after a certain period of time from the occurrence of such circumstances.
9. Compliance with CAN SPAM Act, Children Online Privacy Protection Act, California Online Privacy Protection Act
9.1.1. According to CalOPPA we agree to the following:
(a) Users can visit our site anonymously;
9.1.3. Users are able to change their personal information by sending a chat request, emailing us or by logging in to their account.
9.1.4. We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
9.1.5. It's also important to note that we allow third party behavioral tracking.
9.2. Children Online Privacy Protection Act (COPPA). When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under 13.
9.3. The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
9.3.1. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
(a) We will notify a User via email within 7 business days;
(b) We will notify a User via in site notification within 7 business days.
9.3.2. We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
9.4. CAN SPAM Act. The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
9.4.1. We collect your email address in order to:
(a) Send information, respond to inquiries, and/or other requests or questions;
(b) Process orders and to send information and updates pertaining to orders;
(c) We may also send you additional information related to HelpCrunch Services;
(d) Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
9.4.2. To be in accordance with CAN SPAM we agree to the following:
(a) NOT use false, or misleading subjects or email addresses;
(b) Identify the message as an advertisement in some reasonable way;
(c) Include the physical address of our business or site headquarters;
(d) Monitor third-party email marketing services for compliance, if one is used;
(e) Honor opt-out/unsubscribe requests quickly;
(f) Allow users to unsubscribe by using the link at the bottom of each email.
9.4.3. If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Updated on Jun 1, 2018