Last updated: 24 October 2022

This Privacy Policy ("Policy") describes how HRMNY AI SIA, registry code 50203491461, address Ranka dambis 30-280, Riga, Latvia, LV-1048 (“HRMNY”, "we" or "us"), as a data controller, collect, use and disclose personal data, and the steps we take to protect such personal data, provided by you or collected by us either on the website https://hrmny.ai (Website) or when you use the services that we provide or may provide in the future (Services).

1. Data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

• identity data, such as, first name, last name, gender, voice, video and/or photo;

• contact data, such as, email address, phone number;

• profile data, such as, username, account number or password;

• limited data from your social media profile (further information on this is below), if you have signed in to the Website using your social media details;

• technical data, such as, the Internet Protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), methods used to browse away from the page and any information of yours related to contact our customer service team;

• usage data, such as, information you viewed or searched for and information about how you use our Website and Services; and

• marketing data, such as, your preferences in receiving marketing from us and your communication responses as well subscription preferences.

When you sign in to our sites or apps using your Facebook login details, you give permission to Facebook to share with us your email address and certain aspects of your Facebook profile if you have made these public on your Facebook profile. This only includes your first and last name, link to your Facebook profile and profile picture. We do not have access to updates on your Facebook profile. If you use your Google login details, you give Google permission to share the personal data that you have made public in your Google profile. This only includes your first and last name, your email address and whether your email address has been validated, a link to your Google profile and, if you have one, your profile picture. We will then use this personal data to form a profile for your HRMNY account. If you remove the HRMNY app from your Facebook settings, or from your Google settings, we will no longer have access to this data. However, we will still have the personal data that we received when you first set up your HRMNY account using your Facebook or Google login.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

You shall be solely responsible for compliance with applicable data protection laws regarding the collection of and transfer to us of Client Personal Data as defined in the HRMNY Terms of Service. You agree not to provide us with any data concerning a natural person’s health, religion or any special categories of data as defined in Article 9 of the GDPR. You shall be solely responsible for compliance with applicable data protection Laws and ensuring that you have obtained a data Subject’s express opt-in consent for accessing personal data for the given data subject. 

2. Methods of data collection

We use different methods to collect data from and about you, including through:

• direct interactions. You may give us your identity and contact data by filling in forms, signing in using your social media details, recording video interviews, uploading photos or by corresponding with us by email and other messenger or otherwise. This includes personal data you provide when you apply for our Services, create an account on our Website, subscribe to our Service or publications, request marketing to be sent to you, enter a competition, promotion or survey, or give us some feedback, including report a problem with our Website;

• automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies;

• third parties or publicly available sources. We may receive personal data about you from the public domain, third parties or other websites we operate or the other services we provide.

Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you, including to provide you with the Services. In this case, we may have to cancel the Services you have with us, but we will notify you if this is the case at the time.

3. Use of your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• where we need to provide you with Services you have requested from us;

• where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;

• where we need to comply with a legal or regulatory obligation.

Legitimate interest means the interest of our business in conducting and managing our business to enable us to provide you with the best Services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

We have set out below a description of all the purposes we plan to use your personal data:

• to register you as our customer and process and deliver the Services, including to identify your cognitive patterns, provide customer support and communicate with you;

• to manage our relationship with you, including to notify you about changes to our Services, Website, general terms or this Policy, ask you to leave a review or take a survey, resolve disputes and enforce agreements entered between us;

• to administer, customize, update, maintain, protect and improve the Website and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);

• to use data analytics to improve our Website, Services, marketing, customer relationships and experiences;

• to make suggestions and recommendations to you about Services that may be of interest to you.

If we have your permission, we may send you marketing materials we think may interest you, such as product updates, services and special offers. You can decide not to receive these emails at any time and will be able to "unsubscribe" directly by clicking a link in the email or by contacting us at any time.

4. Cookies and similar technologies

Like most Internet sites, our Website may use cookies and similar technologies to enhance your user experience and provide customization and useful features to our Website and Services. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

5. Disclosure of your personal data

Except as outlined in this Policy, your personal data will never be sold or disclosed with other companies or organizations for commercial purposes or otherwise.

We may disclose your personal data with third parties as described below:

• to our contractors (who may be located outside the European Economic Area ("EEA")) to process it for us, for the purposes of identifying your cognitive patterns using machine learning and train its algorithms, but also for improving your user experience, performing business support functions, customer relationship management or other related tasks, based on our instructions and in compliance with the Policy and any other applicable confidentiality and security requirements. In addition, transfers to our contractors are covered by the service agreements with such contractors;

• if we are required to do so by law or pursuant to legal process or to comply with any applicable rules or regulations; and

• to a successor entity in connection with a corporate merger, consolidation, partial or total sale of assets, bankruptcy, or other corporate change of our business.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;

• where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries;

• where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

6. How we protect your personal data

We adhere to the generally accepted industry standards to protect your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. Only our authorized employees, agents and contractors (who have agreed to keep personal data secure and confidential) have access to the personal data on a need to know basis.

We store and process data, including personal data, in the EEA and possibly in other countries through third parties that we use to operate and manage the Services. When you access or use our Websites or the Services, or otherwise provide personal data to us, you are consenting, on behalf of you and your authorized agents, (and representing that you have the authority to provide such consent) to the processing and transfer of personal data in and to the other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy.

You agree and acknowledge that the Internet may be subject to breaches of security and that the submission of data over the Internet may not be secure. We strive to use acceptable means to protect any personal data you share with us, however we cannot guarantee its absolute security.

7. How long we keep personal data for

We will retain your personal data only for so long as it is required for the purposes for which it was collected. This period may extend beyond the end of your relationship with us, but only for so long as is reasonably necessary for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When your personal data is no longer required, we will destroy, delete or convert it into an anonymous form.

8. Third-party links

The privacy practices set forth in this Policy apply to the Website and Services only. If you link to other websites (including sites that offer or use the Services or are promoted by us) or use the services of other service providers, please review the privacy policies posted at those websites or by the relevant service providers.

9. Your rights

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

• right to access - to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;

• right to rectification - to request that we rectify or update any personal data that is inaccurate, incomplete or outdated;

• right to erasure - to request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent, and you withdraw your consent;

• right to objection of processing - where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedom;

• right to restriction of processing - to request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;

• right to withdraw consent - where you have given us consent to process your personal data, to withdraw your consent; and

• right to data portability - to request that we provide a copy of your personal data to you in a structured, commonly used and machine-readable format in certain circumstances.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Indemnity

To the extent permissible by law, you shall indemnify and hold harmless us against all (i) losses, (ii) third party claims, (iii) administrative fines and (iv) costs and expenses (including, without limitation, reasonable legal, investigatory and consultancy fees and expenses) reasonably incurred in relation to (i), (ii) or (iii), suffered by us and that arise from any breach by you of this Privacy notice or of its obligations under applicable data protection laws.

11. Changes to the Policy

We may change this Policy unilaterally and without prior notice, but any changes will be posted on the Website. If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Policy, you should stop using our Services, the Website or any other aspect of our business. Your continued use of the Website or our Services constitutes your agreement to all such changes.

12. Contact and complaints

For further information regarding the Policy and related practices or in case of any suspected infringement of your privacy, please contact us at hello@hrmny.ai or by post: HRMNY AI SIA, registry code 50203491461, address Ranka dambis 30-280, Riga, Latvia, LV-1048.

If you reside in the EEA, we will be the controller of your personal data provided to, or collected by, or processed in connection with our Services. You have the right to make a complaint at any time to the Data State Inspectorate of Latvia (address Blaumana Street 11/13-11, Riga, LV-1011, Latvia, e-mail address info@dvi.gov.lv, phone +372 67 22 31 31). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Inspectorate, so please contact us in the first instance.